CNNVD-202511-753 Information
CNNVD ID
CNNVD-202511-753
Related CVE
-
CNNVD Published: 2025-11-07
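Description (Chinese, translated)
KubeVirt is an open-source virtual machine manager from KubeVirt. KubeVirt versions before 1.5.3 and before 1.6.1 contain a path traversal vulnerability, which stems from improper symbolic link handling and a file ownership change issue, and may allow arbitrary files in the virt-launcher pod file system to be read.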
Description (English)
KubeVirt is an open-source virtual machine manager from the KubeVirt project. Versions before 1.5.3 and before 1.6.1 contain a path traversal vulnerability that stems from improper handling of symbolic links and a file ownership change issue, and may allow arbitrary files in the virt-launcher pod file system to be read.
Hazard Level
High
Vulnerability Type
Path traversal
Affected Vendor
KubeVirt
Published
2025-11-07
Last Modified
2026-02-24
References
https://github.com/kubevirt/kubevirt/commit/9dc798cb1efe924a9a2b97b6e016452dec5e3849
https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qw6q-3pgr-5cwq
https://github.com/kubevirt/kubevirt/commit/a81b27d4600cf654274dd197119658382affdb08
https://github.com/kubevirt/kubevirt/commit/09eafa068ec01eca0e96ebafeeb9522a878dbf64
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64433
https://vigilance.fr/vulnerability/KubeVirt-five-vulnerabilities-dated-09-12-2025-49023