CVE-2025-58354 — Improper Check for Unusual or Exceptional Conditions in Kata-containers

CWE-754 — Improper Check for Unusual or Exceptional Conditions3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 79.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kata-containers Msrc Azl3 Kata-containers-cc 3.15.0.aks0-5 ON Azure Linux 3.0 Msrc Azl3 Kata-containers 3.19.1.kata2-1 ON Azure Linux 3.0 +3 more

Timeline

PublishedSep 23

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages6 packages

▶CVEListV5kata-containers/kata-containers< 3.21.0

▶msrcmsrc/cbl2_kata-containers_3.2.0.azl2-7_on_cbl_mariner_2.0

▶msrcmsrc/azl3_kata-containers_3.19.1.kata2-1_on_azure_linux_3.0

▶msrcmsrc/azl3_kata-containers_3.19.1.kata2-2_on_azure_linux_3.0

▶msrcmsrc/cbl2_kata-containers-cc_3.2.0.azl2-8_on_cbl_mariner_2.0

📋Vendor Advisories

Red Hat

kata-containers: Kata Containers coco-tdx malicious host can circumvent initdata verification↗2025-09-23

▶

Microsoft

Kata Containers coco-tdx malicious host can circumvent initdata verification↗2025-09-09

▶