CVE-2025-58354 | THREATINT

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0.

PUBLISHED Reserved 2025-08-29 | Published 2025-09-23 | Updated 2025-09-24 | Assigner GitHub_M

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-754: Improper Check for Unusual or Exceptional Conditions

Product status

< 3.21.0

affected

References

github.com/...ainers/security/advisories/GHSA-989w-4xr2-ww9m

github.com/...ommit/3e67f92e34be974e792c153add76e4e4baac9de0

cve.org (CVE-2025-58354)

nvd.nist.gov (CVE-2025-58354)

Download JSON