CVE-2025-64324 Overview
CVE-2025-64324 affects KubeVirt, a virtual machine management add-on for Kubernetes. The vulnerability resides in the hostDisk feature, which allows mounting a host file or directory owned by user ID (UID) 107 into a virtual machine. A logic flaw in the DiskOrCreate option lets an attacker read and write arbitrary files owned by more privileged users on the host system. The issue is fixed in KubeVirt versions 1.6.1 and 1.7.0.
Critical Impact
A local attacker with VM creation privileges can read and write files owned by privileged users on the Kubernetes node, breaking the VM-to-host isolation boundary.
Affected Products
- KubeVirt versions prior to 1.6.1
- KubeVirt 1.7.0 alpha0
- KubeVirt 1.7.0 beta0
Discovery Timeline
- 2025-11-18 - CVE-2025-64324 published to NVD
- 2025-11-25 - Last updated in NVD database
Technical Details for CVE-2025-64324
Vulnerability Analysis
KubeVirt extends Kubernetes with virtual machine workloads, running VMs inside pods alongside container workloads. The hostDisk feature exposes a file or directory on the underlying Kubernetes node to a VM as a virtual disk. The feature is scoped to files owned by UID 107, the qemu user that KubeVirt uses for VM processes.
The DiskOrCreate mode of hostDisk instructs KubeVirt to create the backing file on the host if it does not already exist. The implementation does not correctly validate ownership and path semantics before performing file operations. An attacker who can submit VM specifications can manipulate this code path to interact with files outside the intended ownership scope.
This maps to CWE-200, Exposure of Sensitive Information to an Unauthorized Actor. Successful exploitation breaks the boundary between virtual machine workloads and the host node, allowing arbitrary read and write of files owned by more privileged users, including root-owned configuration and credential files.
Root Cause
The root cause is a logic bug in the DiskOrCreate branch of the hostDisk feature. The code permits file creation and access flows that do not enforce the documented UID 107 ownership restriction. Path resolution and ownership checks are insufficient to prevent access to host files owned by other accounts.
Attack Vector
The attack vector is local. An adversary with permission to create or modify VM specifications referencing hostDisk with DiskOrCreate can target arbitrary host paths. Because the attack is mediated through legitimate KubeVirt APIs, exploitation does not require code execution on the host or container escape primitives. The EPSS score of 0.007% reflects a low probability of opportunistic exploitation, but the impact in multi-tenant Kubernetes clusters is significant.
No proof-of-concept code has been published. The technical fix is documented in pull request 15037 and commits 00d03e4 and ff3b69b in the KubeVirt GitHub repository.
Detection Methods for CVE-2025-64324
Indicators of Compromise
- VirtualMachine or VirtualMachineInstance manifests that reference hostDisk volumes with type: DiskOrCreate pointing to sensitive host paths such as /etc, /root, /var/lib/kubelet, or /etc/kubernetes.
- Newly created files on Kubernetes nodes under paths outside /var/lib/kubevirt that are owned by UID 107.
- Audit log entries showing VM creation requests from unexpected namespaces or service accounts that include hostDisk volume definitions.
Detection Strategies
- Enable Kubernetes audit logging for VirtualMachine and VirtualMachineInstance resources and alert on any specification containing hostDisk volumes.
- Use admission controllers such as OPA Gatekeeper or Kyverno to flag or block manifests that request hostDisk with DiskOrCreate.
- Correlate VM creation events with file integrity monitoring on Kubernetes nodes to identify unauthorized changes to host files.
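The detection strategies above can be exercised against audit output with the following Python, an added example that is not code from the advisory or from the KubeVirt project. The audit events, namespaces, principals and paths in it are constructed; the sensitive-prefix list comes from the indicators listed above, and the scan handles both the VirtualMachine nesting (spec.template.spec.volumes) and the flat VirtualMachineInstance layout (spec.volumes), normalising traversal-style paths before judging them.

```python
"""Added example (not from the advisory or the KubeVirt project): scan
Kubernetes audit log events for VirtualMachine / VirtualMachineInstance writes
that request hostDisk volumes, ranking DiskOrCreate requests against sensitive
host paths highest. Audit events, paths and principals below are constructed."""
import json
import posixpath

# Host paths the advisory names as sensitive; /etc/kubernetes is covered by /etc.
SENSITIVE_PREFIXES = ("/etc", "/root", "/var/lib/kubelet")
KUBEVIRT_RESOURCES = {"virtualmachines", "virtualmachineinstances"}


def is_sensitive(path):
    """True when the normalised path is, or lives under, a sensitive prefix.

    normpath collapses '..' segments, so a traversal-style path is judged by
    where it lands rather than how it is spelled. It cannot follow symlinks on
    the node; that is what host-side file integrity monitoring is for."""
    norm = posixpath.normpath(path or "")
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_PREFIXES)


def hostdisk_volumes(obj):
    """Yield (volume name, hostDisk spec) from a VM or VMI object.

    A VirtualMachine nests the VMI spec under spec.template.spec, while a
    VirtualMachineInstance carries spec.volumes directly; both are handled."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "VirtualMachine":
        spec = (spec.get("template") or {}).get("spec") or {}
    for vol in spec.get("volumes") or []:
        if vol.get("hostDisk"):
            yield vol.get("name", "?"), vol["hostDisk"]


def analyze_audit_event(event):
    """Return a list of findings for one audit event (empty when nothing to flag)."""
    ref = event.get("objectRef") or {}
    if event.get("verb") not in ("create", "update"):
        return []  # patch events carry a partial body; cover them with full-object scans
    if ref.get("apiGroup") != "kubevirt.io" or ref.get("resource") not in KUBEVIRT_RESOURCES:
        return []
    obj = event.get("requestObject")
    if not obj:
        return []  # requestObject is only logged at audit level Request or RequestResponse
    findings = []
    for name, hd in hostdisk_volumes(obj):
        disk_type = hd.get("type", "Disk")
        path = posixpath.normpath(hd.get("path") or "")
        if disk_type == "DiskOrCreate":
            severity = "high" if is_sensitive(path) else "medium"
        else:
            severity = "info"  # plain Disk still exposes a host file; record it, rank lower
        findings.append({
            "severity": severity,
            "namespace": ref.get("namespace", "?"),
            "user": (event.get("user") or {}).get("username", "?"),
            "kind": obj.get("kind", "?"),
            "volume": name,
            "type": disk_type,
            "path": path,
        })
    return findings


def scan_audit_lines(lines):
    """Run analyze_audit_event over JSON-lines audit output, skipping malformed lines."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        findings.extend(analyze_audit_event(event))
    return findings


# Constructed audit events: a tenant VM using DiskOrCreate with a traversal path,
# a VMI using a plain Disk under KubeVirt's own directory, and an unrelated Pod.
SAMPLE_AUDIT_LINES = [json.dumps(e) for e in (
    {"verb": "create",
     "user": {"username": "system:serviceaccount:tenant-a:builder"},
     "objectRef": {"apiGroup": "kubevirt.io", "resource": "virtualmachines",
                   "namespace": "tenant-a", "name": "vm-1"},
     "requestObject": {"kind": "VirtualMachine", "spec": {"template": {"spec": {"volumes": [
         {"name": "boot", "containerDisk": {"image": "example/image:latest"}},
         {"name": "scratch", "hostDisk": {"type": "DiskOrCreate",
                                          "path": "/var/lib/kubevirt/../../../etc/kubernetes/admin.conf"}},
     ]}}}}},
    {"verb": "create",
     "user": {"username": "alice"},
     "objectRef": {"apiGroup": "kubevirt.io", "resource": "virtualmachineinstances",
                   "namespace": "lab", "name": "vmi-1"},
     "requestObject": {"kind": "VirtualMachineInstance", "spec": {"volumes": [
         {"name": "data", "hostDisk": {"type": "Disk", "path": "/var/lib/kubevirt/disks/data.img"}},
     ]}}},
    {"verb": "create",
     "user": {"username": "bob"},
     "objectRef": {"apiGroup": "", "resource": "pods", "namespace": "lab", "name": "pod-1"},
     "requestObject": {"kind": "Pod", "spec": {"volumes": [{"name": "h", "hostPath": {"path": "/etc"}}]}}},
)]

if __name__ == "__main__":
    for f in scan_audit_lines(SAMPLE_AUDIT_LINES):
        print(f"[{f['severity']}] ns={f['namespace']} user={f['user']} "
              f"{f['kind']}/{f['volume']} {f['type']} {f['path']}")
```

Feed it the JSON-lines output of the API server audit backend (each line one event); the first sample is reported as high because the normalised path resolves under /etc, while the second is recorded at info level so that every hostDisk request remains visible for correlation with node-side file integrity alerts.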
Monitoring Recommendations
- Continuously monitor KubeVirt version inventory across clusters and flag nodes running versions earlier than 1.6.1.
- Track RBAC bindings that grant create or update on virtualmachines and virtualmachineinstances resources to non-administrative principals.
- Log file system events on host paths exposed to VMs and alert on writes originating from qemu processes outside expected directories.
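Version inventory checks need to handle the pre-release tags in the affected list: 1.7.0 alpha0 and beta0 sort above 1.6.1 numerically but ship without the fix. The Python below is an added example, not code from the advisory or KubeVirt; it uses only the fixed releases the advisory names (1.6.1 and 1.7.0), the cluster inventory is constructed, and treating every 1.7.0 pre-release as affected (not just alpha0 and beta0) is a conservative assumption of this example.

```python
"""Added example (not from the advisory or the KubeVirt project): classify a
KubeVirt version string as affected or fixed for CVE-2025-64324 using the
fixed releases the advisory names (1.6.1 and 1.7.0). A plain '>= 1.6.1' test
would wrongly clear 1.7.0-alpha.0 and 1.7.0-beta.0; this applies semver-style
pre-release ordering instead."""
import re

# Accepts KubeVirt-style tags such as v1.6.1, 1.7.0-alpha.0 or 1.7.0-beta0.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$")
FIRST_FIXED = "1.6.1"  # from the advisory
FIXED_1_7 = "1.7.0"    # from the advisory


def _pre_key(pre):
    """Sortable key for a pre-release tag: numeric parts compare as numbers,
    other parts as strings, so alpha.0 < alpha.1 < beta.0."""
    if not pre:
        return ()
    return tuple((0, int(p), "") if p.isdigit() else (1, 0, p) for p in pre.split("."))


def version_key(version):
    """Tuple that orders versions semver-style; a pre-release sorts before its final."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised KubeVirt version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    pre = m.group(4)
    return (major, minor, patch, 0 if pre else 1, _pre_key(pre))


def is_affected(version):
    """True when the version ships without the CVE-2025-64324 fix."""
    k = version_key(version)
    if k < version_key(FIRST_FIXED):
        return True  # everything before 1.6.1, including all 1.5.x and 1.6.0
    if k[:3] == (1, 7, 0) and k < version_key(FIXED_1_7):
        return True  # 1.7.0 pre-releases (alpha0 and beta0 on the advisory); assumed for all
    return False     # 1.6.1+, 1.7.0 final and later lines (assumed to carry the fix forward)


def flag_clusters(inventory):
    """Return the sorted names of clusters whose KubeVirt version is affected."""
    return sorted(name for name, ver in inventory.items() if is_affected(ver))


# Constructed inventory: cluster name -> KubeVirt version reported by the operator.
SAMPLE_INVENTORY = {
    "prod-eu": "v1.6.0",
    "prod-us": "v1.6.1",
    "staging": "v1.7.0-beta.0",
    "dev": "v1.7.0",
}

if __name__ == "__main__":
    for name in flag_clusters(SAMPLE_INVENTORY):
        print(f"{name}: KubeVirt {SAMPLE_INVENTORY[name]} is affected; upgrade to 1.6.1 or 1.7.0")
```

Populate the inventory from whatever reports the deployed KubeVirt version in each cluster and run flag_clusters over it; the ordering key also lets the same code rank a release against any later fixed version without changing the comparison logic.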
How to Mitigate CVE-2025-64324
Immediate Actions Required
- Upgrade KubeVirt to version 1.6.1 or 1.7.0, which contain the official fix for the DiskOrCreate logic bug.
- Inventory existing VM definitions across all namespaces and remove any unnecessary use of the hostDisk feature.
- Restrict create and update permissions on KubeVirt custom resources to trusted administrators using Kubernetes RBAC.
Patch Information
The maintainers released fixes in KubeVirt 1.6.1 and 1.7.0. The remediation is documented in the GitHub Security Advisory GHSA-46xp-26xh-hpqh and implemented in commits 00d03e43e3bf03e563136695a4732b65ed42d764 and ff3b69b08b6b9c8d08d23735ca8d82455f790a69.
Workarounds
- Disable the HostDisk feature gate in the KubeVirt configuration if the feature is not required for production workloads.
- Use an admission policy to reject any VirtualMachine or VirtualMachineInstance manifest containing hostDisk volumes until clusters are upgraded.
- Limit VM creation rights to a small set of trusted operators and isolate workloads that require hostDisk in dedicated nodes with no sensitive host data.
# Example Kyverno policy snippet to block hostDisk usage cluster-wide.
# VirtualMachine nests the volume list under spec.template.spec.volumes, while
# VirtualMachineInstance carries it directly under spec.volumes, so each kind
# needs its own pattern; a single pattern with =(template) would let VMIs through.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: block-kubevirt-hostdisk
spec:
  validationFailureAction: Enforce
  rules:
    - name: deny-hostdisk-volumes-vm
      match:
        any:
          - resources:
              kinds:
                - kubevirt.io/v1/VirtualMachine
      validate:
        message: "hostDisk volumes are blocked due to CVE-2025-64324."
        pattern:
          spec:
            =(template):
              =(spec):
                =(volumes):
                  - X(hostDisk): "null"
    - name: deny-hostdisk-volumes-vmi
      match:
        any:
          - resources:
              kinds:
                - kubevirt.io/v1/VirtualMachineInstance
      validate:
        message: "hostDisk volumes are blocked due to CVE-2025-64324."
        pattern:
          spec:
            =(volumes):
              - X(hostDisk): "null"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


