Published: 2025-11-18
Overview
A critical security vulnerability, identified as CVE-2025-64324, has been discovered in KubeVirt, a virtual machine management add-on for Kubernetes. This vulnerability affects the `hostDisk` feature, potentially allowing attackers to read and write arbitrary files on the host system with elevated privileges.
Technical Details
The `hostDisk` feature in KubeVirt mounts a host file or directory owned by the user with UID 107 into a virtual machine. The vulnerability lies in the implementation of this feature, specifically in the `DiskOrCreate` option, which creates the backing file on the host if it does not already exist. A logic flaw in that path lets a malicious actor bypass the intended ownership restriction, so an attacker can manipulate files and directories on the host that are owned by users with higher privileges than UID 107.
The core issue is insufficient validation and privilege separation during the file creation step performed for `DiskOrCreate`. Because those checks are missing, the feature yields an arbitrary file read and write capability on the host.
CVSS Analysis
No CVSS score or severity rating was present in the data available when this page was written; this section will be updated as soon as the correct information is available. The impact of this vulnerability is considered HIGH because of the potential for complete system compromise.
Possible Impact
Successful exploitation of CVE-2025-64324 can have severe consequences:
- Arbitrary File Access: Attackers can read sensitive configuration files, access credentials, and exfiltrate confidential data.
- Privilege Escalation: Write access to critical system files could lead to complete system compromise and root-level access.
- Denial of Service: By modifying or deleting essential system files, attackers can cause system instability and denial of service conditions.
- Container Escape: In a containerized environment, this vulnerability could potentially lead to container escape and compromise of the underlying host system.
Mitigation and Patch Steps
The vulnerability has been addressed in KubeVirt versions 1.6.1 and 1.7.0. It is strongly recommended that all KubeVirt users upgrade to one of these versions (or a later version) immediately to mitigate the risk.
To upgrade KubeVirt, follow the official upgrade documentation provided by the KubeVirt project. Refer to the appropriate guide based on your current KubeVirt version.
Workaround (if immediate upgrade is not possible): As a temporary measure, avoid using the `hostDisk` feature with the `DiskOrCreate` option. Review all VirtualMachine and VirtualMachineInstance definitions in the cluster and remove or disable every volume that uses this combination.
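As an added example (not code from this advisory or from the KubeVirt project), the following Python script scans `kubectl get vmi,vm -A -o json` output and flags every `hostDisk` volume that uses `DiskOrCreate`. The embedded sample list is constructed; the only assumptions are the KubeVirt volume field names (`spec.volumes[].hostDisk.type`, nested under `spec.template.spec` for a VirtualMachine).

```python
import json
import sys

# Constructed sample resembling `kubectl get vmi,vm -A -o json` output (not
# real cluster data). Per the KubeVirt API, a VirtualMachineInstance keeps
# volumes in spec.volumes and a VirtualMachine in spec.template.spec.volumes.
SAMPLE_LIST = json.dumps({"kind": "List", "items": [
    {"kind": "VirtualMachineInstance",
     "metadata": {"name": "vmi-a", "namespace": "team-a"},
     "spec": {"volumes": [{"name": "scratch", "hostDisk": {
         "path": "/data/scratch.img", "type": "DiskOrCreate", "capacity": "1Gi"}}]}},
    {"kind": "VirtualMachine",
     "metadata": {"name": "vm-b", "namespace": "team-b"},
     "spec": {"template": {"spec": {"volumes": [
         {"name": "root", "containerDisk": {"image": "example/disk:1"}},
         {"name": "data", "hostDisk": {"path": "/data/existing.img", "type": "Disk"}}]}}}},
]})

def vmi_spec(obj):
    """Return the VMI-level spec for either a VMI or a VirtualMachine."""
    if obj.get("kind") == "VirtualMachine":
        return obj.get("spec", {}).get("template", {}).get("spec", {})
    return obj.get("spec", {})

def find_disk_or_create(text):
    """Parse kubectl JSON (a single object or a List) and return one dict per
    hostDisk volume whose type is DiskOrCreate, the combination to remove."""
    doc = json.loads(text)
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for obj in items:
        for vol in vmi_spec(obj).get("volumes") or []:
            host_disk = vol.get("hostDisk")
            if host_disk and host_disk.get("type") == "DiskOrCreate":
                meta = obj.get("metadata", {})
                findings.append({"kind": obj.get("kind"), "name": meta.get("name"),
                                 "namespace": meta.get("namespace"),
                                 "volume": vol.get("name"), "path": host_disk.get("path")})
    return findings

if __name__ == "__main__":
    # Pipe `kubectl get vmi,vm -A -o json` into this script; with no piped
    # input it scans the constructed sample instead.
    source = SAMPLE_LIST if sys.stdin.isatty() else sys.stdin.read()
    for hit in find_disk_or_create(source):
        print(f"{hit['kind']} {hit['namespace']}/{hit['name']}: "
              f"volume '{hit['volume']}' would create {hit['path']}")
```

Each reported volume should be switched to an existing `Disk` on a path owned by UID 107, or removed, until the cluster runs a patched release.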
