VDB
CVE-2025-64434
CVE-2025-64434
PUBLISHED
CVSS 4.699999809265137 MEDIUM
KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing
EPSS 0.02% · 5.7th percentile
Risk Scores
CVSS 3.1
4.699999809265137
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.02%
5.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| kubevirt | kubevirt | < 1.5.3, 1.6.0, 0 |
| kubevirt.io | kubevirt | 1.6.0-alpha.0, 0 |
Exploit Intelligence
- https://github.com/kubevirt/kubevirt/security/advisories/GHSA-ggp9-c99x-54gp (nist-nvd)
- CIRCL seen: CVE-2025-64434 (circl-sighting)
- https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a (circl)
- https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b (circl)
- https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074 (circl)
- test_suggest_description.py (github-poc)
- test_suggest_description.py (github-poc)
- test_suggest_description.py (github-poc)
- test_suggest_description.py (github-poc)
- test_suggest_description.py (github-poc)
…and 3 more exploits
Timeline
- Nov 6, 2025 CVE Published
- Nov 7, 2025 PoC Published
- Nov 8, 2025 EPSS Score
- Nov 13, 2025 EPSS Score
- Nov 19, 2025 EPSS Score
- Nov 24, 2025 EPSS Score
- Nov 27, 2025 CVE Updated
- Nov 29, 2025 EPSS Score
- Dec 4, 2025 EPSS Score
- Dec 10, 2025 EPSS Score
- Dec 15, 2025 EPSS Score
- Dec 20, 2025 EPSS Score
References
- https://github.com/kubevirt/kubevirt/security/advisories/GHSA-ggp9-c99x-54gp url
- https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a url
- https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b url
- https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-64434 advisory
- https://github.com/kubevirt/kubevirt package