Description

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can mislead the virt-controller into associating the fake pod with the VMI, resulting in incorrect status updates and potentially causing a DoS (Denial-of-Service). This vulnerability is fixed in 1.7.0-beta.0.

INFO

Published Date :

2025-11-07T22:57:02.600Z

Last Modified :

2025-11-10T19:01:13.977Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64435 vulnerability.

Vendors Products
Kubevirt
  • Kubevirt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64435.

URL Resource
https://github.com/kubevirt/kubevirt/commit/9a6f4a3a707992038ef705da4cb3bba8c89d36ba cve-icon cve-icon cve-icon
https://github.com/kubevirt/kubevirt/security/advisories/GHSA-9m94-w2vq-hcf9 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-64435 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-64435 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact