CVE-2025-14459

CVSS v3.1

8.5

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions KubeVirt Containerized Data Importer (CDI) (affected versions not specified)

Description A flaw exists in KubeVirt Containerized Data Importer (CDI) that allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces. This can lead to unauthorized access to data through the DataImportCron PVC source mechanism.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

AZL-75395

AZL-75404

AZL-75443

AZL-75446

AZL-75494

CVE-2025-14459

Affected Products

Kubevirt Cdi

CVE-2025-14459

Weakness Enumeration

Related Identifiers

Affected Products

References · 12