kubevirt.io/kubevirt vulnerabilities

14 known vulnerabilities affecting kubevirt.io/kubevirt.

Total CVEs: 14
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 11

Vulnerabilities

CVE-2025-14525 | MEDIUM | ≥ 0, ≤ 1.7.0 | 2026-01-26
CVE-2025-14525 [MEDIUM] CWE-770 KubeVirt Guest Agent DoS via Excessive Network Interface Reports
A flaw was found in KubeVirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes to the Virtual Machine Instance (VMI)
ghsa, osv
CVE-2025-64324 | HIGH | ≥ 0, < 1.6.1; ≥ 1.7.0-alpha.0, < 1.7.0-rc.0 | 2025-11-07
CVE-2025-64324 [HIGH] CWE-123 KubeVirt Vulnerable to Arbitrary Host File Read and Write
Summary: The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, the implementation of this feature and more specifically the `DiskOrCreate` option which creates a file if it doesn't exist, has a logic bug that allows an attacker to read and write arbitrary files owned by more p
ghsa, osv
CVE-2025-64434 | MEDIUM | ≥ 0, < 1.5.3; ≥ 1.6.0-alpha.0, < 1.6.1 | 2025-11-06
CVE-2025-64434 [MEDIUM] CWE-287 KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing
Summary: Due to improper TLS certificate management, a compromised `virt-handler` could impersonate `virt-api` by using its own TLS credentials, allowing it to initiate privileged operations against another `virt-handler`.
ghsa, osv
CVE-2025-64432 | MEDIUM | ≥ 0, < 1.5.3; ≥ 1.6.0-alpha.0, < 1.6.1; +1 more | 2025-11-06
CVE-2025-64432 [MEDIUM] CWE-287 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Summary: A flawed implementation of the Kubernetes aggregation layer's authentication flow could enable bypassing RBAC controls.
ghsa, osv
CVE-2025-64437 | MEDIUM | ≥ 0, < 1.5.3; ≥ 1.6.0-alpha.0, < 1.6.1 | 2025-11-06
CVE-2025-64437 [MEDIUM] CWE-59 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
Summary: It is possible to trick the `virt-handler` component into changing the ownership of arbitrary files on the host node to the unprivileged user with UID `107` due to mishandling of symlinks when determining the root mount of
ghsa, osv
CVE-2025-64435 | MEDIUM | ≥ 0, < 1.7.0-beta.0 | 2025-11-06
CVE-2025-64435 [MEDIUM] CWE-703 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Summary: A logic flaw in the `virt-controller` allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate `virt-launcher` pod associated with the VMI. This can mislead the `virt-controller` into assoc
ghsa, osv
CVE-2025-64433 | MEDIUM | ≥ 0, < 1.5.3; ≥ 1.6.0-alpha.0, < 1.6.1 | 2025-11-06
CVE-2025-64433 [MEDIUM] CWE-22 KubeVirt Arbitrary Container File Read
Summary: Mounting a user-controlled PVC disk within a VM allows an attacker to read any file present in the `virt-launcher` pod. This is due to erroneous handling of symlinks defined within a PVC.
ghsa, osv
CVE-2025-64436 | MEDIUM | ≥ 0, < 1.7.0 | 2025-11-06
CVE-2025-64436 [MEDIUM] CWE-269 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
Summary: The permissions granted to the `virt-handler` service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node.
Details: Following the [GitHub security advisory published on March 23 2023](htt
ghsa, osv
CVE-2024-33394 | MEDIUM | ≥ 0, ≤ 1.2.0 | 2024-05-02
CVE-2024-33394 [MEDIUM] CWE-94 kubevirt allows a local attacker to execute arbitrary code via a crafted command
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
ghsa, osv
CVE-2020-14316 | CRITICAL | ≥ 0, < 0.30.0 | 2024-04-24
CVE-2020-14316 [CRITICAL] CWE-269 Privilege Escalation in kubevirt
A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data c
ghsa, osv
CVE-2024-31420 | MEDIUM | ≥ 0, ≤ 1.2.0 | 2024-04-03
CVE-2024-31420 [MEDIUM] CWE-476 KubeVirt NULL pointer dereference flaw
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.
ghsa, osv
CVE-2023-26484 | HIGH | ≥ 0, ≤ 0.59.0 | 2023-03-16
CVE-2023-26484 [HIGH] CWE-863 On a compromised node, the virt-handler service account can be used to modify all node specs
Impact: If a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components (which can for instanc
ghsa, osv
CVE-2022-1798 | MEDIUM | ≥ 0.20.0, < 0.55.1 | 2022-08-18
CVE-2022-1798 [MEDIUM] CWE-22 Duplicate Advisory: KubeVirt arbitrary host file read from the VM
Duplicate Advisory: This advisory is a duplicate of [GHSA-qv98-3369-g364](https://github.com/advisories/GHSA-qv98-3369-g364). This link is maintained to preserve external references.
Original Description: **Summary** As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization whic
ghsa
CVE-2020-1701 | MEDIUM | ≥ 0, < 0.26.0 | 2021-06-01
CVE-2020-1701 [MEDIUM] CWE-732 Permissions bypass in KubeVirt
A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.
ghsa, osv