PT-2025-45513 · Kubevirt+1 · Kubevirt+1

Published

2025-11-06

Updated

2026-02-27

CVE-2025-64435

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.7.0-beta.0

Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw in the virt-controller. An attacker can disrupt control over a running Virtual Machine Instance (VMI) by creating a pod with labels matching those of the legitimate virt-launcher pod associated with the VMI. This can cause the virt-controller to incorrectly associate the malicious pod with the VMI, leading to incorrect status updates and a potential Denial-of-Service (DoS) condition. The issue stems from a logic error in how the virt-controller manages pod associations with VMIs.

Recommendations Upgrade to KubeVirt version 1.7.0-beta.0 or later.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-703

Related Identifiers

AZL-69802

AZL-69964

CVE-2025-64435

GHSA-9M94-W2VQ-HCF9

GO-2025-4105

OPENSUSE-SU-2026:20281-1

SUSE-SU-2026:0479-1

SUSE-SU-2026:20551-1

SUSE-SU-2026:20610-1

Affected Products

Kubevirt

Kubernetes

PT-2025-45513 · Kubevirt+1 · Kubevirt+1

CVE-2025-64435

Weakness Enumeration

Related Identifiers

Affected Products

References · 40