Home

Description

A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes to the Virtual Machine Instance (VMI). This allows the VM user to restrict the VM administrator's ability to manage the VM, leading to a denial of service for administrative operations.

PUBLISHED Reserved 2025-12-11 | Published 2026-01-26 | Updated 2026-01-26 | Assigner redhat




MEDIUM: 6.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Problem types

Allocation of Resources Without Limits or Throttling

Product status

Default status
affected

Timeline

2025-12-11:Reported to Red Hat.
2026-01-09:Made public.

References

access.redhat.com/security/cve/CVE-2025-14525 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2421360 (RHBZ#2421360) issue-tracking

cve.org (CVE-2025-14525)

nvd.nist.gov (CVE-2025-14525)

Download JSON