What is the CVSS score of CVE-2025-64434?

CVE-2025-64434 has a CVSS 3.1 base score of 4.7 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Kubernetes are affected by CVE-2025-64434?

Organizations using KubeVirt should be aware of moderate risk from CVE-2025-64434, a improper authentication vulnerability rated CVSS 4.7. This could allow unauthorized access to protected resources.. A patch is available.

Is there a public PoC exploit available for CVE-2025-64434?

Yes, a public proof-of-concept exploit is available for CVE-2025-64434. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-64434?

During next maintenance window: Identify affected systems and apply vendor patches when convenient. Audit authentication configurations.

Kubernetes CVE-2025-64434

MEDIUM

Improper Authentication (CWE-287)

2025-11-07 security-advisories@github.com

Authentication Bypass Kubernetes Red Hat Suse Kubevirt

4.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:21 vuln.today

Patch released

Mar 28, 2026 - 19:21 nvd

Patch available

PoC Detected

Nov 25, 2025 - 17:05 vuln.today

Public exploit code

CVE Published

Nov 07, 2025 - 23:15 nvd

MEDIUM 4.7

DescriptionNVD

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances potentially compromising the integrity and availability of the VM managed by it. This vulnerability is fixed in 1.5.3 and 1.6.1.

AnalysisAI

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 4.7). Public exploit code available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances potentially compromising the integrity and availability of the VM managed by it. This vulnerability is fixed in 1.5.3 and 1.6.1. Affected products include: Kubevirt. Version information: Prior to 1.5.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.