CVE-2025-64432

{"id": "CVE-2025-64432", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2025-11-07T19:16:26.833", "references": [{"url": "https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-38jw-g2qx-4286", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to correctly authenticate the client when receiving API requests over mTLS. In particular, it fails to validate the CN (Common Name) field in the received client TLS certificates against the set of allowed values defined in the extension-apiserver-authentication configmap. Failre to validate certain fields in the client TLS certificate may allow an attacker to bypass existing RBAC controls by directly communicating with the aggregated API server, impersonating the Kubernetes API server and its aggregator component. This issue is fixed in versions 1.5.3 and 1.6.1."}, {"lang": "es", "value": "KubeVirt es un complemento de gesti\u00f3n de m\u00e1quinas virtuales para Kubernetes. Las versiones 1.5.3 e inferiores, y 1.6.0 conten\u00edan una implementaci\u00f3n defectuosa del flujo de autenticaci\u00f3n de la capa de agregaci\u00f3n de Kubernetes que podr\u00eda permitir la elusi\u00f3n de los controles RBAC. Se descubri\u00f3 que el componente virt-API no logra autenticar correctamente al cliente al recibir solicitudes de API a trav\u00e9s de mTLS. En particular, no logra validar el campo CN (Common Name) en los certificados TLS del cliente recibidos contra el conjunto de valores permitidos definidos en el configmap 'extension-apiserver-authentication'. La falta de validaci\u00f3n de ciertos campos en el certificado TLS del cliente puede permitir a un atacante eludir los controles RBAC existentes al comunicarse directamente con el servidor API agregado, suplantando al servidor API de Kubernetes y su componente agregador. Este problema est\u00e1 corregido en las versiones 1.5.3 y 1.6.1."}], "lastModified": "2025-11-25T15:56:30.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*", "vulnerable": true, "matchCriteriaId": "D06A16D0-A19D-4FC9-BBB2-DD155157AD8E", "versionEndExcluding": "1.5.3"}, {"criteria": "cpe:2.3:a:kubevirt:kubevirt:1.6.0:-:*:*:*:kubernetes:*:*", "vulnerable": true, "matchCriteriaId": "7AC531A2-1D99-4F6E-8C95-57B3B6B15681"}, {"criteria": "cpe:2.3:a:kubevirt:kubevirt:1.6.0:rc0:*:*:*:kubernetes:*:*", "vulnerable": true, "matchCriteriaId": "3A5C8C2B-705D-435E-93A7-0523DC4A97BE"}, {"criteria": "cpe:2.3:a:kubevirt:kubevirt:1.6.0:rc1:*:*:*:kubernetes:*:*", "vulnerable": true, "matchCriteriaId": "A6326DB3-2CBC-4B85-94C8-9F2B2B458548"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}