CVE-2025-58354

Kata Containers coco-tdx malicious host can circumvent initdata verification

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0.

INFO

Published Date :

2025-09-23T21:08:47.147Z

Last Modified :

2025-09-24T13:22:15.628Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-58354 vulnerability.

Vendors	Products
Katacontainers	Kata-containers

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58354.

URL	Resource
https://github.com/kata-containers/kata-containers/commit/3e67f92e34be974e792c153add76e4e4baac9de0
https://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w-4xr2-ww9m
https://nvd.nist.gov/vuln/detail/CVE-2025-58354
https://www.cve.org/CVERecord?id=CVE-2025-58354