Denial of Service Vulnerability in KubeVirt by Red Hat
CVE-2025-14525

6.4MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Openshift Virtualization 4
Vendor: CVE Published:; 26 January 2026

What is CVE-2025-14525?

A flaw has been identified in KubeVirt where an active guest agent within a virtual machine can be exploited by manipulating the reporting of an excessive number of network interfaces. This poses a risk as it can overwhelm the system's capacity to manage Virtual Machine Instance (VMI) configuration updates. As a result, the virtual machine administrator may face restrictions in managing the VM, effectively leading to a denial of service for administrative tasks.

References

https://access.redhat.com/security/cve/CVE-2025-14525

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2421360

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2025-14525 Data

JSON