CVE-2025-64436 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes

KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could...

Kubevirt 授权问题漏洞

Kubevirt is an open source virtual machine manager from KubeVirt. An authorization issue vulnerability exists in Kubevirt versions prior to 1.5.3 and prior to 1.6.1, which stems from a flaw in the peer validation logic in virt-handler, which could allow an attacker to impersonate the virt-api and...