CVE-2025-64433

CVE-2025-64433 affects KubeVirt prior to 1.5.3 and 1.6.1, enabling a VM to read arbitrary files from the virt-launcher pod filesystem via improper symlink handling when mounting PVCs. The issue arises when a malicious user controls PVC contents and can create a symlink to a file in the virt-launc...

EUVD-2022-6544

Malicious code in bioql PyPI...

CVE-2022-1798

A path traversal vulnerability in KubeVirt versions up to 0.56 and 0.55.1 on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/ is not accessible...

CVE-2022-1798 Path Traversal vulnerability in Kubevirt

A path traversal vulnerability in KubeVirt versions up to 0.56 and 0.55.1 on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/ is not accessible...

KubeVirt vulnerable to arbitrary file read on host

As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path traversal was identified. Google tested the exploitability of the paths in the audit report and identified that when combined with another vulnerability one of the...