ByteOS Network

NVD Vulnerability Details :

CVE-2025-64434

Analyzed

Source-security-advisories@github.com

Published At-07 Nov, 2025 | 23:15

Updated At-25 Nov, 2025 | 17:05

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances potentially compromising the integrity and availability of the VM managed by it. This vulnerability is fixed in 1.5.3 and 1.6.1.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary	3.1	6.3	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 4.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

CPE Matches

kubevirt>>kubevirt>>Versions before 1.5.3(exclusive)

cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*

kubevirt>>kubevirt>>1.6.0

cpe:2.3:a:kubevirt:kubevirt:1.6.0:*:*:*:*:kubernetes:*:*