CVE-2025-64432

Description

KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer in kubevirt.io/kubevirt

Affected packages (2)

• Go/kubevirt.io/kubevirtfrom 0, < 1.5.3
• Go/kubevirt.io/kubevirtfrom 0, < 1.5.3, >= 1.6.0-alpha.0, < 1.6.0-beta.0.0.20250730135146-231dc69723f3, >= 1.6.0-rc.0, < 1.6.1, >= 1.6.2, < 1.7.0-rc.0

CVSS scores

References (6)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-64432
• PATCHhttps://github.com/kubevirt/kubevirt
• WEBhttps://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a
• WEBhttps://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b
• WEBhttps://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074
• WEBhttps://github.com/kubevirt/kubevirt/security/advisories/GHSA-38jw-g2qx-4286