id: GO-2025-4103
modules:
    - module: kubevirt.io/kubevirt
      versions:
        - fixed: 1.5.3
        - introduced: 1.6.0-alpha.0
        - fixed: 1.6.0-beta.0.0.20250730135146-231dc69723f3
        - introduced: 1.6.0-rc.0
        - fixed: 1.6.1
        - introduced: 1.6.2
        - fixed: 1.7.0-rc.0
      vulnerable_at: 1.7.0-beta.0
summary: KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer in kubevirt.io/kubevirt
cves:
    - CVE-2025-64432
ghsas:
    - GHSA-38jw-g2qx-4286
references:
    - advisory: https://github.com/kubevirt/kubevirt/security/advisories/GHSA-38jw-g2qx-4286
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-64432
    - web: https://github.com/kubevirt/kubevirt/commit/231dc69723f331dc02f65a31ab4c3d6869f40d6a
    - web: https://github.com/kubevirt/kubevirt/commit/af2f08a9a186eccc650f87c30ab3e07b669e8b5b
    - web: https://github.com/kubevirt/kubevirt/commit/b9773bc588e6e18ece896a2dad5336ef7a653074
source:
    id: GHSA-38jw-g2qx-4286
    created: 2025-11-17T13:01:17.263900032-05:00
review_status: UNREVIEWED