Количество 6
Количество 6
CVE-2025-64324
KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue.
CVE-2025-64324
KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue.
CVE-2025-64324
KubeVirt Vulnerable to Arbitrary Host File Read and Write
GHSA-46xp-26xh-hpqh
KubeVirt Vulnerable to Arbitrary Host File Read and Write
SUSE-SU-2025:4330-1
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
openSUSE-SU-2026:20281-1
Security update for kubevirt
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-64324 KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue. | CVSS3: 6 | 0% Низкий | 4 месяца назад |
 | CVE-2025-64324 KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue. | CVSS3: 7.7 | 0% Низкий | 4 месяца назад |
 | CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write | 0% Низкий | 4 месяца назад | |
| GHSA-46xp-26xh-hpqh KubeVirt Vulnerable to Arbitrary Host File Read and Write | CVSS3: 7.7 | 0% Низкий | 5 месяцев назад |
 | SUSE-SU-2025:4330-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container | 4 месяца назад | ||
| openSUSE-SU-2026:20281-1 Security update for kubevirt | около 1 месяца назад |
Уязвимостей на страницу