Key Information Summary Vulnerability Title VMI DoS via Pod Impersonation (VMI Denial-of-Service Using Pod Impersonation) Vulnerability Severity Moderate Vulnerability Identifier CVE-2025-64435 Affected Versions 1.5.0 Vulnerability Description By creating a Pod with the same labels as a legitimate Pod, an attacker can interfere with the control of a VMI (Virtual Machine Instance). This vulnerability may lead to incorrect state updates and potential DoS conditions. Impact Attackers can manipulate the lifecycle of a VMI, interrupting or hijacking control over it. May affect the target node for VMI migration, bypassing node-level security constraints such as and . PoC Complete instructions and specific configuration details are provided to reproduce the vulnerability. Vulnerability Details Detailed explanation of the control mechanism of Pods in various scenarios, including step-by-step attacker actions and example YAML files. CVSS v3 Base Metrics Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: None Integrity Impact: None Availability Impact: High CVSS Score 5.3 / 10 Discoverers Reported by mihailkirov and Faeris95. Remediation Recommendations Ensure a more secure association mechanism between Pods and VMIs. Update the usage of the label to prevent Pod label spoofing. Strengthen the function to ensure accurate identification of the Pod representing a specific VMI.