CNNVD-202511-752 Information
CNNVD ID
CNNVD-202511-752
Related CVE
- CNNVD Published: 2025-11-07
Description (Chinese)
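KubeVirt is an open-source virtual machine manager from KubeVirt. KubeVirt versions before 1.5.3 and before 1.6.1 contain an authorization issue vulnerability, which stems from a flaw in the peer verification logic in virt-handler and may allow an attacker to impersonate virt-api and perform privileged operations.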
Description (English)
KubeVirt is an open-source virtual machine manager. Versions of KubeVirt prior to 1.5.3 and prior to 1.6.1 have an authorization issue caused by flawed peer verification logic in virt-handler, which could allow an attacker to impersonate virt-api and execute privileged operations.
Hazard Level
High
Vulnerability Type
Authorization issue
Affected Vendor
KubeVirt
Published
2025-11-07
Last Modified
2026-02-24
References
https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b
https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a
https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074
https://github.com/kubevirt/kubevirt/security/advisories/GHSA-ggp9-c99x-54gp
https://access.redhat.com/security/cve/cve-2025-64434
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64434
https://vigilance.fr/vulnerability/KubeVirt-five-vulnerabilities-dated-09-12-2025-49023