KubeVirt Vulnerable to Arbitrary Host File Read and Write

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue.

AI Analysis

KubeVirt vulnerability allowing arbitrary host file read and write

Basic Information

ID CVE-2025-64324

Source GitHub_M

Published Nov 18, 2025 at 22:10

Affected Product

Vendor kubevirt

Product kubevirt

Affected Versions kubevirt kubevirt 0
kubevirt kubevirt 1.7.0-alpha.0

CWE Classification

CWE-200 CWE-732

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor KubeVirt

Product KubeVirt

Version 0, versions prior to 1.6.1 and 1.7.0

References

{
    "lastseen": "",
    "description": "KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue.",
    "published": "2025-11-18T22:10:19.661Z",
    "modified": "2025-11-18T22:10:19.661Z",
    "type": "cve",
    "title": "KubeVirt Vulnerable to Arbitrary Host File Read and Write",
    "source": "GitHub_M",
    "references": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-46xp-26xh-hpqh\nhttps://github.com/kubevirt/kubevirt/pull/15037\nhttps://github.com/kubevirt/kubevirt/commit/00d03e43e3bf03e563136695a4732b65ed42d764\nhttps://github.com/kubevirt/kubevirt/commit/ff3b69b08b6b9c8d08d23735ca8d82455f790a69",
    "id": "CVE-2025-64324",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "kubevirt kubevirt 0\nkubevirt kubevirt 1.7.0-alpha.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "kubevirt",
    "version": "0",
    "vendor": "kubevirt",
    "ai_description": "KubeVirt vulnerability allowing arbitrary host file read and write",
    "ai_severity": "High",
    "ai_vendor": "KubeVirt",
    "ai_product": "KubeVirt",
    "ai_version": "0, versions prior to 1.6.1 and 1.7.0",
    "ai_score": 8.5
}

KubeVirt Vulnerable to Arbitrary Host File Read and Write_CVE-2025-64324