CNNVD-202511-750 Information

CNNVD ID

CNNVD-202511-750

CVE-2025-64436

  • CNNVD Published: 2025-11-07

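Description (translated from Chinese)

Kubevirt is an open-source virtual machine manager from KubeVirt. Kubevirt 1.5.0 and earlier versions contain a security vulnerability that stems from excessive privileges on the virt-handler service account, which may allow virtual machine instances to be forcibly migrated to an attacker-controlled node or all nodes to be marked as unschedulable.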

Description (English)

Kubevirt is an open-source virtual machine manager from KubeVirt. Kubevirt 1.5.0 and earlier versions contain a security vulnerability caused by an over-privileged virt-handler service account, which may result in virtual machine instances being forcibly migrated to an attacker-controlled node or in all nodes being marked as unschedulable.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

KubeVirt

Published

2025-11-07

Last Modified

2026-02-24

References

  • https://github.com/kubevirt/kubevirt/security/advisories/GHSA-7xgm-5prm-v5gc
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64436

Patch

https://kubevirt.io/
