Kubevirt: kubevirt: vm administration denial of service via guest agent

6.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Description

A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes to the Virtual Machine Instance (VMI). This allows the VM user to restrict the VM administrator's ability to manage the VM, leading to a denial of service for administrative operations.

Basic Information

ID CVE-2025-14525

Source redhat

Published Jan 26, 2026 at 19:36

Affected Product

Vendor Red Hat

Product Red Hat OpenShift Virtualization 4

CWE Classification

CWE-770

References

{
    "lastseen": "",
    "description": "A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes to the Virtual Machine Instance (VMI). This allows the VM user to restrict the VM administrator's ability to manage the VM, leading to a denial of service for administrative operations.",
    "published": "2026-01-26T19:36:43.721Z",
    "modified": "2026-01-26T19:36:43.721Z",
    "type": "cve",
    "title": "Kubevirt: kubevirt: vm administration denial of service via guest agent",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2025-14525\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2421360",
    "id": "CVE-2025-14525",
    "bulletinFamily": "",
    "cwe": [
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Red Hat OpenShift Virtualization 4",
    "version": "",
    "vendor": "Red Hat",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Kubevirt: kubevirt: vm administration denial of service via guest agent_CVE-2025-14525