Peer Verification Bypass in KubeVirt Affecting Kubernetes Management
CVE-2025-64434
Severity score: 4.7 (MEDIUM)
What is CVE-2025-64434?
KubeVirt, a virtual machine management add-on for Kubernetes, contains improper peer verification logic in virt-handler. An attacker who gains control of one virt-handler instance can leverage shared credentials to impersonate virt-api, which may allow unauthorized privileged operations against other virt-handler instances and endanger the integrity and availability of the managed VMs. To mitigate this risk, upgrade to KubeVirt 1.5.3 or 1.6.1 (or later).
Affected Version(s)
kubevirt: < 1.5.3 (fixed in 1.5.3)
kubevirt: >= 1.6.0-alpha.0, < 1.6.1 (fixed in 1.6.1)
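The affected ranges above include a pre-release lower bound (1.6.0-alpha.0), which a naive string or numeric comparison gets wrong. The following Go program is an added example, not part of this advisory or of KubeVirt's own code: it transcribes the two ranges and evaluates a deployed version against them using SemVer 2.0.0 precedence, so that 1.6.0-alpha.0 and 1.6.1-rc.0 fall inside the second range while 1.5.3 and 1.6.1 fall outside it. The function names (parseVersion, compare, IsAffected) and the range list are this example's own assumptions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// version is a parsed SemVer 2.0.0 version: MAJOR.MINOR.PATCH plus optional
// dot-separated pre-release identifiers such as "alpha.0".
type version struct {
	nums [3]int
	pre  []string
}

// parseVersion accepts "1.6.0-alpha.0" or "v1.6.0-alpha.0" and rejects a core
// that is not exactly three integers (build metadata is not handled here).
func parseVersion(s string) (version, error) {
	var v version
	core, pre, found := strings.Cut(strings.TrimPrefix(s, "v"), "-")
	if found && pre != "" {
		v.pre = strings.Split(pre, ".")
	}
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return version{}, fmt.Errorf("invalid version %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return version{}, fmt.Errorf("invalid version %q", s)
		}
		v.nums[i] = n
	}
	return v, nil
}

func cmpInt(a, b int) int {
	if a < b {
		return -1
	}
	if a > b {
		return 1
	}
	return 0
}

// compareIdent orders two pre-release identifiers (SemVer 2.0.0 rule 11):
// numeric ones compare as integers and rank below alphanumeric ones.
func compareIdent(x, y string) int {
	xn, xerr := strconv.Atoi(x)
	yn, yerr := strconv.Atoi(y)
	switch {
	case xerr == nil && yerr == nil:
		return cmpInt(xn, yn)
	case xerr == nil:
		return -1
	case yerr == nil:
		return 1
	}
	return strings.Compare(x, y)
}

// compare returns -1, 0 or 1 as a is lower than, equal to or higher than b.
// A pre-release sorts below the release it precedes (1.6.0-alpha.0 < 1.6.0).
func compare(a, b version) int {
	for i := 0; i < 3; i++ {
		if c := cmpInt(a.nums[i], b.nums[i]); c != 0 {
			return c
		}
	}
	if len(a.pre) == 0 || len(b.pre) == 0 {
		return cmpInt(len(b.pre), len(a.pre)) // the side without a pre-release is higher
	}
	for i := 0; i < len(a.pre) && i < len(b.pre); i++ {
		if c := compareIdent(a.pre[i], b.pre[i]); c != 0 {
			return c
		}
	}
	return cmpInt(len(a.pre), len(b.pre)) // longer identifier list wins on a tie
}

// affectedRange is the half-open interval [lo, hi) of one advisory table row;
// an empty lo means the row has no lower bound.
type affectedRange struct{ lo, hi string }

// Transcribed from the affected-version table for CVE-2025-64434 (assumed layout).
var cve202564434 = []affectedRange{{"", "1.5.3"}, {"1.6.0-alpha.0", "1.6.1"}}

// IsAffected reports whether a KubeVirt version string falls inside any row.
func IsAffected(ver string) (bool, error) {
	v, err := parseVersion(ver)
	if err != nil {
		return false, err
	}
	for _, r := range cve202564434 {
		lo, _ := parseVersion(r.lo) // bounds are fixed table constants; "" yields the zero value
		hi, _ := parseVersion(r.hi)
		if (r.lo == "" || compare(v, lo) >= 0) && compare(v, hi) < 0 {
			return true, nil
		}
	}
	return false, nil
}
```

Call IsAffected with the version reported by the cluster's KubeVirt deployment (for instance the image tag of virt-handler); a true result means the instance is inside one of the advisory's ranges and should be moved to 1.5.3 or 1.6.1 or later. Note that 1.5.x releases at or above 1.5.3 are outside both ranges, so the 1.6.0-alpha.0 lower bound does not pull them in.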
