Home

Description

KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue.

PUBLISHED Reserved 2025-10-30 | Published 2025-11-18 | Updated 2025-11-20 | Assigner GitHub_M




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status
unaffected

Any version before 1.6.1
affected

1.7.0-alpha.0 (custom) before 1.7.0-rc.0
affected

References

github.com/...bevirt/security/advisories/GHSA-46xp-26xh-hpqh

github.com/kubevirt/kubevirt/pull/15037

github.com/...ommit/00d03e43e3bf03e563136695a4732b65ed42d764

github.com/...ommit/ff3b69b08b6b9c8d08d23735ca8d82455f790a69

cve.org (CVE-2025-64324)

nvd.nist.gov (CVE-2025-64324)

Download JSON