VDB
CVE-2025-64432
CVE-2025-64432
PUBLISHED
CVSS 4.699999809265137 MEDIUM
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
EPSS 0.02% · 5.9th percentile
Risk Scores
CVSS 3.1
4.699999809265137
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.02%
5.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| kubevirt.io | kubevirt | 0, 1.6.0-alpha.0, 1.7.0-alpha.0 |
| kubevirt | kubevirt | 1.6.0, < 1.5.3, 1.6.0 |
Exploit Intelligence
- https://github.com/kubevirt/kubevirt/security/advisories/GHSA-38jw-g2qx-4286 (nist-nvd)
- CIRCL seen: CVE-2025-64432 (circl-sighting)
- CIRCL seen: CVE-2025-64432 (circl-sighting)
- CIRCL seen: CVE-2025-64432 (circl-sighting)
- CIRCL seen: CVE-2025-64432 (circl-sighting)
- https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a (circl)
- https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b (circl)
- https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074 (circl)
Timeline
- Nov 6, 2025 CVE Published
- Nov 7, 2025 PoC Published
- Nov 7, 2025 PoC Published
- Nov 8, 2025 EPSS Score
- Nov 13, 2025 EPSS Score
- Nov 17, 2025 CVE Updated
- Nov 19, 2025 EPSS Score
- Nov 24, 2025 EPSS Score
- Nov 29, 2025 EPSS Score
- Dec 4, 2025 EPSS Score
- Dec 10, 2025 EPSS Score
- Dec 15, 2025 EPSS Score
References
- https://github.com/kubevirt/kubevirt/security/advisories/GHSA-38jw-g2qx-4286 url
- https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a url
- https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b url
- https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-64432 advisory
- https://github.com/kubevirt/kubevirt package