Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

kubevirt — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting kubevirt. AI-powered Chinese analysis, POCs, and references for each vulnerability.

KubeVirt enables virtual machine management within Kubernetes environments, bridging traditional VM workloads with container orchestration. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from API misconfigurations or insecure default settings. The project maintains a security-focused approach, with regular patches addressing identified issues. While no major public incidents have been widely reported, the presence of nine CVEs underscores the importance of diligent maintenance and access control when deploying virtual machines in Kubernetes clusters.

Top products by kubevirt: kubevirt containerized-data-importer
CVE IDTitleCVSSSeverityPublished
CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write — kubevirtCWE-200 9.6AICriticalAI2025-11-18
CVE-2025-64433 KubeVirt Arbitrary Container File Read — kubevirtCWE-22 6.5 Medium2025-11-07
CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes — kubevirtCWE-59 5.0 Medium2025-11-07
CVE-2025-64436 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes — kubevirtCWE-269 9.6 -2025-11-07
CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation — kubevirtCWE-703 5.3 Medium2025-11-07
CVE-2025-64434 KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing — kubevirtCWE-287 4.7 Medium2025-11-07
CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer — kubevirtCWE-287 4.7 Medium2025-11-07
CVE-2023-26484 On a compromised KubeVirt node, the virt-handler service account can be used to modify all node specs — kubevirtCWE-863 8.2 High2023-03-15
CVE-2019-10175 virt-cdi-cloner containerized-data-importer 访问控制错误漏洞 — containerized-data-importerCWE-284 6.5 -2019-06-28

This page lists every published CVE security advisory associated with kubevirt. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.