CVE-2025-64324

EUVD-2025-38316

18.11.2025, 23:15

KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.7 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
kubevirt	kubevirt	𝑥 < 1.6.1
kubevirt	kubevirt	1.7.0:alpha0
kubevirt	kubevirt	1.7.0:beta0

𝑥

= Vulnerable software versions

openSUSE / SLES Releases

openSUSE Product

Release

kubevirt-manifests

suse enterprise sap 15 SP7	1.6.3-150700.3.13.1 fixed
suse enterprise server 15 SP7	1.6.3-150700.3.13.1 fixed

kubevirt-virtctl

suse enterprise sap 15 SP7	1.6.3-150700.3.13.1 fixed
suse enterprise server 15 SP7	1.6.3-150700.3.13.1 fixed

Known Exploits!

https://github.com/kubevirt/kubevirt/security/advisories/GHSA-46xp-26xh-hpqh

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://github.com/kubevirt/kubevirt/commit/00d03e43e3bf03e563136695a4732b65ed42d764

https://github.com/kubevirt/kubevirt/commit/ff3b69b08b6b9c8d08d23735ca8d82455f790a69

https://github.com/kubevirt/kubevirt/pull/15037

https://github.com/kubevirt/kubevirt/security/advisories/GHSA-46xp-26xh-hpqh