CVE-2025-64324Sensitive Information Exposure in Kubevirt

CWE-200Sensitive Information ExposureCWE-732Incorrect Permission AssignmentCWE-123Write-what-where ConditionCWE-708Incorrect Ownership Assignment7 documents6 sources
Severity
8.5HIGHNVD
EPSS
0.0%
top 99.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
KubevirtKubevirt.io Kubevirt
Timeline
PublishedNov 18

Description

KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5kubevirt/kubevirt1.7.0-alpha.01.7.0-rc.0+1
NVDkubevirt/kubevirt< 1.6.1+1
Gokubevirt.io/kubevirt1.7.0-alpha.01.7.0-rc.0+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
CVEList
KubeVirt Vulnerable to Arbitrary Host File Read and Write2025-11-18
OSV
KubeVirt Vulnerable to Arbitrary Host File Read and Write in kubevirt.io/kubevirt2025-11-17
GHSA
KubeVirt Vulnerable to Arbitrary Host File Read and Write2025-11-07
OSV
KubeVirt Vulnerable to Arbitrary Host File Read and Write2025-11-07

📋Vendor Advisories

2
Red Hat
kubevirt.io/kubevirt: KubeVirt: Arbitrary file read/write and privilege escalation via hostDisk feature2025-11-18
Microsoft
KubeVirt Vulnerable to Arbitrary Host File Read and Write2025-11-11