CVE-2025-64434
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-07

Last updated on: 2025-11-25

Assigner: GitHub, Inc.

Description
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances potentially compromising the integrity and availability of the VM managed by it. This vulnerability is fixed in 1.5.3 and 1.6.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-07
Last Modified
2025-11-25
Generated
2026-06-16
AI Q&A
2025-11-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64434
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
kubevirt kubevirt to 1.5.3 (exc)
kubevirt kubevirt 1.6.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Upgrade KubeVirt to version 1.5.3 or 1.6.1 or later, as these versions contain the fix for this vulnerability.

Executive Summary

This vulnerability in KubeVirt's virt-handler component allows an attacker who compromises one virt-handler instance to use shared credentials to impersonate the virt-api service. This impersonation enables the attacker to perform privileged operations on other virt-handler instances, potentially compromising the integrity and availability of the virtual machines managed by those instances. The issue is due to flaws in the peer verification logic and is fixed in versions 1.5.3 and 1.6.1.

Impact Analysis

If exploited, this vulnerability could allow an attacker to execute privileged operations on virtual machine instances managed by KubeVirt, potentially leading to disruption or compromise of those virtual machines. This impacts the availability and integrity of the virtual machines, which could affect services relying on them.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64434. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart