We verified that kubelet in EKS AMIs (1.34) is compiled with
github.com/opencontainers/selinux <1.13.0, which is vulnerable to CVE-2025-52881.
Since kubelet is statically compiled, this cannot be remediated at the OS or AMI level.
Can you confirm:
- which upcoming EKS-Distro release will include go-selinux ≥1.13.0?
- whether a rebuild is planned?
We verified that kubelet in EKS AMIs (1.34) is compiled with
github.com/opencontainers/selinux <1.13.0, which is vulnerable to CVE-2025-52881.
Since kubelet is statically compiled, this cannot be remediated at the OS or AMI level.
Can you confirm: