CVE-2025-64324

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

ubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue.

References

Link	Resource
https://github.com/kubevirt/kubevirt/commit/00d03e43e3bf03e563136695a4732b65ed42d764	Patch
https://github.com/kubevirt/kubevirt/commit/ff3b69b08b6b9c8d08d23735ca8d82455f790a69	Patch
https://github.com/kubevirt/kubevirt/pull/15037	Issue Tracking
https://github.com/kubevirt/kubevirt/security/advisories/GHSA-46xp-26xh-hpqh	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:kubevirt:kubevirt::::::kubernetes::*
	cpe:2.3:a:kubevirt:kubevirt:1.7.0:alpha0::::kubernetes::*
	cpe:2.3:a:kubevirt:kubevirt:1.7.0:beta0::::kubernetes::*

History

25 Nov 2025, 17:16

Type	Values Removed	Values Added
First Time		Kubevirt Kubevirt kubevirt
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.7
CPE		cpe:2.3:a:kubevirt:kubevirt:1.7.0:beta0::::kubernetes::* cpe:2.3:a:kubevirt:kubevirt::::::kubernetes::* cpe:2.3:a:kubevirt:kubevirt:1.7.0:alpha0::::kubernetes::*
References	~~() https://github.com/kubevirt/kubevirt/commit/00d03e43e3bf03e563136695a4732b65ed42d764 -~~	() https://github.com/kubevirt/kubevirt/commit/00d03e43e3bf03e563136695a4732b65ed42d764 - Patch
References	~~() https://github.com/kubevirt/kubevirt/commit/ff3b69b08b6b9c8d08d23735ca8d82455f790a69 -~~	() https://github.com/kubevirt/kubevirt/commit/ff3b69b08b6b9c8d08d23735ca8d82455f790a69 - Patch
References	~~() https://github.com/kubevirt/kubevirt/pull/15037 -~~	() https://github.com/kubevirt/kubevirt/pull/15037 - Issue Tracking
References	~~() https://github.com/kubevirt/kubevirt/security/advisories/GHSA-46xp-26xh-hpqh -~~	() https://github.com/kubevirt/kubevirt/security/advisories/GHSA-46xp-26xh-hpqh - Exploit, Vendor Advisory

18 Nov 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-18 23:15

Updated : 2025-11-25 17:16

NVD link : CVE-2025-64324

Mitre link : CVE-2025-64324

CVE.ORG link : CVE-2025-64324

JSON object : View

Products Affected

kubevirt

kubevirt

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-732

Incorrect Permission Assignment for Critical Resource

7.7 /10