← Back

CVE-2025-64435

nvd nist
Published: Nov 7, 2025Modified: Nov 25, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.6 / Impact: 3.6
Source: security-advisories@github.com (Secondary)

Description

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can mislead the virt-controller into associating the fake pod with the VMI, resulting in incorrect status updates and potentially causing a DoS (Denial-of-Service). This vulnerability is fixed in 1.7.0-beta.0.

Affected (2)

Products: Kubevirt: Kubevirt
Kubevirt
1 product
Kubevirt
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Kubevirt
Kubevirt
Up to 1.6.3
Kubevirt
Version 1.7.0 alpha0

Related CWEs

CWE-703
Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
ExploitVendor Advisory

Timeline

No history available yet.