CNNVD-202511-1968 Information

Nov 18, 2025 cve

CNNVD ID

CNNVD-202511-1968

CVE-2025-64324

CNNVD Published: 2025-11-18

Description (Chinese)

Kubevirt是KubeVirt开源的一款虚拟机管理器。 Kubevirt 1.6.1之前版本和1.7.0之前版本存在安全漏洞，该漏洞源于hostDisk功能逻辑错误，可能导致读取和写入任意文件。

Description (English)

Kubevirt is a virtual machine manager for the KubeVirt open source. There was a security loophole in the previous version of Kubevirt 1.6.1 and the previous version of 1.7.0, which originated from a postdisk functional logical error that could lead to reading and writing any document.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

KubeVirt

Published

2025-11-18

Last Modified

2026-02-24

References

https://github.com/kubevirt/kubevirt/commit/00d03e43e3bf03e563136695a4732b65ed42d764 https://github.com/kubevirt/kubevirt/security/advisories/GHSA-46xp-26xh-hpqh https://github.com/kubevirt/kubevirt/commit/ff3b69b08b6b9c8d08d23735ca8d82455f790a69 https://github.com/kubevirt/kubevirt/pull/15037 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64324 https://vigilance.fr/vulnerability/KubeVirt-five-vulnerabilities-dated-09-12-2025-49023

Patch

https://github.com/kubevirt/kubevirt/releases

Share on: