PT-2025-45513 · Kubevirt+1 · Kubevirt+1

Publicado

2025-11-06

Atualizado

2026-02-27

CVE-2025-64435

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.7.0-beta.0

Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw in the virt-controller. An attacker can disrupt control over a running Virtual Machine Instance (VMI) by creating a pod with labels matching those of the legitimate virt-launcher pod associated with the VMI. This can cause the virt-controller to incorrectly associate the malicious pod with the VMI, leading to incorrect status updates and a potential Denial-of-Service (DoS) condition. The issue stems from a logic error in how the virt-controller manages pod associations with VMIs.

Recommendations Upgrade to KubeVirt version 1.7.0-beta.0 or later.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-703

Identificadores relacionados

AZL-69802

AZL-69964

CVE-2025-64435

GHSA-9M94-W2VQ-HCF9

GO-2025-4105

OPENSUSE-SU-2026:20281-1

SUSE-SU-2026:0479-1

SUSE-SU-2026:20551-1

SUSE-SU-2026:20610-1

Produtos afetados

Kubevirt

Kubernetes

PT-2025-45513 · Kubevirt+1 · Kubevirt+1

CVE-2025-64435

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40