{"id":"CVE-2025-64434","summary":"KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing","details":"KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance could exploit the shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances, potentially compromising the integrity and availability of the VMs they manage. This vulnerability is fixed in 1.5.3 and 1.6.1.","aliases":["GHSA-ggp9-c99x-54gp","GO-2025-4107"],"modified":"2026-04-10T04:17:30.296736Z","published":"2025-11-07T22:54:04.772Z","related":["CGA-6qxq-34gx-2p5j","SUSE-SU-2025:4330-1","SUSE-SU-2026:20551-1","SUSE-SU-2026:20610-1","openSUSE-SU-2026:20281-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64434.json","cwe_ids":["CWE-287"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64434.json"},{"type":"ADVISORY","url":"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-ggp9-c99x-54gp"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64434"},{"type":"FIX","url":"https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a"},{"type":"FIX","url":"https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b"},{"type":"FIX","url":"https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubevirt/kubevirt","events":[{"introduced":"9a683cafb00c2f919e3fc8e259df1030893a4b13"},{"fixed":"00d03e43e3bf03e563136695a4732b65ed42d764"}]}],"versions":["v1.6.0","v1.6.0-alpha.0","v1.6.0-beta.0","v1.6.0-rc.0","v1.6.0-rc.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-64434.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}