Stoyan Nikolov

**Name of the Vulnerable Software and Affected Versions** kubevirt versions 0.29 and earlier **Description** A flaw in kubevirt allows Virtual Machine Instances (VMIs) to be used to gain access to the host's filesystem. Successful exploitation enables an attacker to assume the privileges of the VM process on the host system, potentially reading and modifying any file on the system where the VMI is running. This poses a significant threat to data confidentiality and integrity, as well as system availability. **Recommendations** For kubevirt versions 0.29 and earlier, consider restricting access to Virtual Machine Instances (VMIs) to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider implementing additional security measures to limit the privileges of the VM process on the host system.