
11 matches found

Veracode
added 2026/04/07 4:11 p.m., 4 views

Improper Link Resolution

kubevirt.io/kubevirt is vulnerable to improper link resolution. The vulnerability is due to lack of verification of whether the launcher-sock is a symlink or regular file, which allows an attacker with control over the virt-launcher pod file system to manipulate file ownership on the host and...

CVSS 5, AI score 6, EPSS 0.00191
Exploits 1, References 5, Affected Software 1
SUSE CVE
added 2025/11/11 12:23 a.m., 3 views

SUSE CVE-2025-64437

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...

CVSS 3.9, AI score 7, EPSS 0.00191
Exploits 1, References 7
NVD
added 2025/11/07 11:15 p.m., 5 views

CVE-2025-64437

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...

CVSS 5, EPSS 0.00191
Exploits 1, References 4
OSV
added 2025/11/07 11:15 p.m., 5 views

AZL-69805 CVE-2025-64437 affecting package kubevirt for versions less than 1.5.3-2

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...

CVSS 5, AI score 7.4, EPSS 0.00191
Exploits 1, References 1
OSV
added 2025/11/07 11:15 p.m., 4 views

AZL-69970 CVE-2025-64437 affecting package kubevirt for versions less than 0.59.0-33

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...

CVSS 5, AI score 6.2, EPSS 0.00191
Exploits 1, References 1
CVE
added 2025/11/07 11:4 p.m., 38 views

CVE-2025-64437

KubeVirt (virt-handler) vulnerability CVE-2025-64437 affects versions before 1.5.3 and 1.6.1. The issue is that virt-handler does not verify whether the launcher-sock is a symlink or a regular file, allowing an attacker who controls the virt-launcher pod’s filesystem to change ownership of arbitr...

CVSS 5, AI score 6.6, EPSS 0.00191
Exploits 1, References 4, Affected Software 1
Vulnrichment
added 2025/11/07 11:4 p.m., 2 views

CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...

CVSS 5, AI score 6.3, EPSS 0.00191
Exploits 1, References 4
Cvelist
added 2025/11/07 11:4 p.m., 10 views

CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...

CVSS 5, EPSS 0.00191
Exploits 1, References 4
OSV
added 2025/11/07 11:4 p.m., 7 views

CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...

CVSS 5, AI score 7, EPSS 0.00191
Exploits 1, References 6
CNNVD
added 2025/11/07 12:0 a.m., 8 views

Kubevirt link following vulnerability

Kubevirt is an open source virtual machine manager for KubeVirt. A back-linking vulnerability exists in KubeVirt versions prior to 1.5.3 and prior to 1.6.1, which stems from virt-handler not verifying that the launcher-sock is a symbolic link or a regular file, which could result in the ownership...

CVSS 5, AI score 5.5, EPSS 0.00191
Exploits 1, References 6
Positive Technologies
added 2025/11/06 12:0 a.m., 5 views

PT-2025-45440

Name of the Vulnerable Software and Affected Versions: KubeVirt versions prior to 1.5.3; KubeVirt versions prior to 1.6.1. Description: KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw where the virt-handler does not validate if the launcher-sock is a symbolic link or a...

CVSS 5, AI score 5.4, EPSS 0.00191
Exploits 1, References 57