Improper Check or Handling of Exceptional Conditions
CVE-2025-64435
Summary
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to version 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt control of a running virtual machine instance (VMI) by creating a pod with the same labels as the legitimate virt-launcher pod associated with that VMI. This can mislead the virt-controller into associating the fake pod with the VMI, resulting in incorrect status updates and potentially causing a Denial-of-Service (DoS).
- HIGH
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- HIGH
CWE-703 - Improper Check or Handling of Exceptional Conditions
The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.