CVE-2025-64435Improper Check or Handling of Exceptional Conditions in Kubevirt

CWE-703Improper Check or Handling of Exceptional Conditions7 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 85.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
KubevirtKubevirt.io Kubevirt
Timeline
PublishedNov 7
Latest updateNov 17

Description

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can mislead the virt-controller into associating the fake pod with the VMI, resulting in incorrect status updates and potentially causing a DoS (Denial-of-Service). This vulnerability is fixed in 1.7.0-beta.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages3 packages

CVEListV5kubevirt/kubevirt< 1.7.0-beta.0
Gokubevirt.io/kubevirt< 1.7.0-beta.0
NVDkubevirt/kubevirt1.6.3+1

Patches

Patch: github.com

🔴Vulnerability Details

4
OSV
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation in kubevirt.io/kubevirt2025-11-17
CVEList
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation2025-11-07
OSV
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation2025-11-06
GHSA
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation2025-11-06

📋Vendor Advisories

2
Microsoft
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation2025-11-11
Red Hat
kubevirt.io/kubevirt: KubeVirt VMI Denial-of-Service Using Pod Impersonation2025-11-07
CVE-2025-64435 — Kubevirt vulnerability | cvebase