{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64434", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-11-03T22:12:51.365Z", "datePublished": "2025-11-07T22:54:04.772Z", "dateUpdated": "2025-11-10T19:03:26.345Z"}, "containers": {"cna": {"title": "KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-ggp9-c99x-54gp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-ggp9-c99x-54gp"}, {"name": "https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a", "tags": ["x_refsource_MISC"], "url": "https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a"}, {"name": "https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b", "tags": ["x_refsource_MISC"], "url": "https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b"}, {"name": "https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074", "tags": ["x_refsource_MISC"], "url": "https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074"}], "affected": [{"vendor": "kubevirt", "product": "kubevirt", "versions": [{"version": "< 1.5.3", "status": "affected"}, {"version": ">= 1.6.0-alpha.0, < 1.6.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-07T22:54:04.772Z"}, "descriptions": [{"lang": "en", "value": "KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances potentially compromising the integrity and availability of the VM managed by it. This vulnerability is fixed in 1.5.3 and 1.6.1."}], "source": {"advisory": "GHSA-ggp9-c99x-54gp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-10T19:02:59.922086Z", "id": "CVE-2025-64434", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-10T19:03:26.345Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64434", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-10T19:02:59.922086Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-10T19:03:17.018Z"}}], "cna": {"title": "KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing", "source": {"advisory": "GHSA-ggp9-c99x-54gp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "kubevirt", "product": "kubevirt", "versions": [{"status": "affected", "version": "< 1.5.3"}, {"status": "affected", "version": ">= 1.6.0-alpha.0, < 1.6.1"}]}], "references": [{"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-ggp9-c99x-54gp", "name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-ggp9-c99x-54gp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a", "name": "https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b", "name": "https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074", "name": "https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances potentially compromising the integrity and availability of the VM managed by it. This vulnerability is fixed in 1.5.3 and 1.6.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-07T22:54:04.772Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64434", "state": "PUBLISHED", "dateUpdated": "2025-11-10T19:03:26.345Z", "dateReserved": "2025-11-03T22:12:51.365Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-11-07T22:54:04.772Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*", "matchCriteriaId": "D06A16D0-A19D-4FC9-BBB2-DD155157AD8E", "versionEndExcluding": "1.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubevirt:kubevirt:1.6.0:*:*:*:*:kubernetes:*:*", "matchCriteriaId": "78254CFF-E38D-4C0A-AB4B-3F41FCBB2A3C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances potentially compromising the integrity and availability of the VM managed by it. This vulnerability is fixed in 1.5.3 and 1.6.1."}, {"lang": "es", "value": "KubeVirt es un complemento de gesti\u00f3n de m\u00e1quinas virtuales para Kubernetes. Antes de las versiones 1.5.3 y 1.6.1, debido a la l\u00f3gica de verificaci\u00f3n de pares en virt-handler (a trav\u00e9s de verifyPeerCert), un atacante que comprometiese una instancia de virt-handler podr\u00eda explotar estas credenciales compartidas para suplantar a virt-API y ejecutar operaciones privilegiadas contra otras instancias de virt-handler, comprometiendo potencialmente la integridad y disponibilidad de la m\u00e1quina virtual gestionada por esta. Esta vulnerabilidad est\u00e1 corregida en las versiones 1.5.3 y 1.6.1."}], "id": "CVE-2025-64434", "lastModified": "2025-11-25T17:05:28.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-11-07T23:15:45.690", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074"}, {"source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-ggp9-c99x-54gp"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kubevirt: KubeVirt: API Identity Spoofing Vulnerability", "id": "2413483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413483"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H", "status": "draft"}, "cwe": "CWE-295", "details": ["KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances potentially compromising the integrity and availability of the VM managed by it. This vulnerability is fixed in 1.5.3 and 1.6.1."], "name": "CVE-2025-64434", "package_state": [{"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Fix deferred", "package_name": "kubevirt", "product_name": "Red Hat OpenShift Virtualization 4"}], "public_date": "2025-11-07T22:54:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-64434\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-64434\nhttps://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a\nhttps://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b\nhttps://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074\nhttps://github.com/kubevirt/kubevirt/security/advisories/GHSA-ggp9-c99x-54gp"], "statement": "The impact oF this vulnerability is rated MODERATE because successful exploitation requires first compromising a privileged virt-handler component, which is not directly accessible to untrusted users and requires prior breach of Kubernetes node or container security boundaries.\nhe vulnerability stems from shared credentials and inadequate validation that allows a compromised virt-handler to present itself as the legitimate virt-api service when communicating with other virt-handler instances. An attacker who successfully compromises a single virt-handler - a privileged Kubernetes DaemonSet component running on each node, can exploit this authentication weakness to perform lateral movement within the cluster, executing privileged operations on VMs managed by other virt-handler instances on different nodes.", "threat_severity": "Moderate"}