50 matches found

Veracode
added 2026/04/07 4:11 p.m. | 1 view

Improper Link Resolution

kubevirt.io/kubevirt is vulnerable to improper link resolution. The vulnerability is due to lack of verification of whether the launcher-sock is a symlink or regular file, which allows an attacker with control over the virt-launcher pod file system to manipulate file ownership on the host and...

CVSS: 5 | AI score: 6 | EPSS: 0.00028
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2026/04/07 3:26 p.m. | 1 view

Improper Symlink Handling

kubevirt.io/kubevirt is vulnerable to improper symlink handling. The vulnerability is due to improper validation of symbolic links in PVC disk mounting along with incorrect file ownership changes, which allows an attacker with control over PVC contents to create malicious symlinks and read...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00078
Exploits: 1 | References: 4 | Affected Software: 1

SUSE CVE
added 2025/11/11 12:23 a.m. | 3 views

SUSE CVE-2025-64433

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00078
Exploits: 1 | References: 7

Snyk
added 2025/11/07 11:46 p.m. | 1 view

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper symlink handling during the mounting process. An attacker can access and read arbitrary files from the virt-launcher pod's file system by creating a symbolic link within a PVC that points to sensitive...

CVSS: 7.1 | AI score: 6.2 | EPSS: 0.00078
Exploits: 1 | References: 2

Snyk
added 2025/11/07 11:46 p.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper symlink handling during the mounting process. An attacker can access and read arbitrary files from the virt-launcher pod's file system by creating a symbolic link within a PVC that points to sensitive...

CVSS: 7.1 | AI score: 6.2 | EPSS: 0.00078
Exploits: 1 | References: 2

Snyk
added 2025/11/07 11:46 p.m. | 2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can disrupt control over a running virtual machine instance by creating a pod with identical labels to the legitimate virt-launcher pod, misleading the controller into associating the fake pod with t...

CVSS: 6 | AI score: 5.4 | EPSS: 0.00056
Exploits: 1 | References: 2

Snyk
added 2025/11/07 11:46 p.m. | 1 view

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can disrupt control over a running virtual machine instance by creating a pod with identical labels to the legitimate virt-launcher pod, misleading the controller into associating the fake pod with t...

CVSS: 6 | AI score: 5.4 | EPSS: 0.00056
Exploits: 1 | References: 2

Snyk
added 2025/11/07 11:46 p.m. | 1 view

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can disrupt control over a running virtual machine instance by creating a pod with identical labels to the legitimate virt-launcher pod, misleading the controller into associating the fake pod with t...

CVSS: 6 | AI score: 5.4 | EPSS: 0.00056
Exploits: 1 | References: 2

Snyk
added 2025/11/07 11:46 p.m. | 2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can disrupt control over a running virtual machine instance by creating a pod with identical labels to the legitimate virt-launcher pod, misleading the controller into associating the fake pod with t...

CVSS: 6 | AI score: 5.4 | EPSS: 0.00056
Exploits: 1 | References: 2

Snyk
added 2025/11/07 11:46 p.m. | 1 view

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can disrupt control over a running virtual machine instance by creating a pod with identical labels to the legitimate virt-launcher pod, misleading the controller into associating the fake pod with t...

CVSS: 6 | AI score: 5.4 | EPSS: 0.00056
Exploits: 1 | References: 2

Snyk
added 2025/11/07 11:46 p.m. | 1 view

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can disrupt control over a running virtual machine instance by creating a pod with identical labels to the legitimate virt-launcher pod, misleading the controller into associating the fake pod with t...

CVSS: 6 | AI score: 5.4 | EPSS: 0.00056
Exploits: 1 | References: 2

Snyk
added 2025/11/07 11:46 p.m. | 4 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack due to failing to verify whether launcher-sock is a symlink or a regular file. An attacker that can access a virt-launcher pod's file system and has access to the host file system with the privileges of the qemu user and...

CVSS: 6.7 | AI score: 5.5 | EPSS: 0.00028
Exploits: 1 | References: 2

Snyk
added 2025/11/07 11:46 p.m. | 2 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack due to failing to verify whether launcher-sock is a symlink or a regular file. An attacker that can access a virt-launcher pod's file system and has access to the host file system with the privileges of the qemu user and...

CVSS: 6.7 | AI score: 5.5 | EPSS: 0.00028
Exploits: 1 | References: 2

NVD
added 2025/11/07 11:15 p.m. | 3 views

CVE-2025-64433

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

CVSS: 6.5 | EPSS: 0.00078
Exploits: 1 | References: 4

OSV
added 2025/11/07 11:15 p.m. | 1 view

AZL-69958 CVE-2025-64433 affecting package kubevirt for versions less than 0.59.0-33

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00078
Exploits: 1 | References: 1

OSV
added 2025/11/07 11:15 p.m. | 0 views

AZL-69799 CVE-2025-64433 affecting package kubevirt for versions less than 1.5.3-2

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00078
Exploits: 1 | References: 1

OSV
added 2025/11/07 11:15 p.m. | 0 views

AZL-69964 CVE-2025-64435 affecting package kubevirt for versions less than 0.59.0-33

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00056
Exploits: 1 | References: 1

Cvelist
added 2025/11/07 11:7 p.m. | 6 views

CVE-2025-64433 KubeVirt Arbitrary Container File Read

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

CVSS: 6.5 | EPSS: 0.00078
Exploits: 1 | References: 4

CVE
added 2025/11/07 11:7 p.m. | 7 views

CVE-2025-64433

CVE-2025-64433 affects KubeVirt prior to 1.5.3 and 1.6.1, enabling a VM to read arbitrary files from the virt-launcher pod filesystem via improper symlink handling when mounting PVCs. The issue arises when a malicious user controls PVC contents and can create a symlink to a file in the virt-launc...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00078
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/11/07 11:7 p.m. | 1 view

CVE-2025-64433 KubeVirt Arbitrary Container File Read

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00078
Exploits: 1 | References: 4