216.73.217.98

CVE-2025-64436

· Published 07/11/2025 23:15 · Modified 25/11/2025 17:17

Labels: CVE-2025-64436 2025-11-07CVE-2025-64436CWE-269[email protected]

Essential information

Published
07/11/2025 23:15
Modified
25/11/2025 17:17
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could otherwise allow an attacker to mark all nodes as unschedulable, potentially forcing the migration or creation of privileged pods onto a compromised node.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
kubevirt / kubevirt cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*
kubevirt / kubevirt cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*

References