SB2025120936 - SUSE update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025120936

SB2025120936 - SUSE update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t

Published: December 9, 2025

Security Bulletin ID SB2025120936
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 17% Medium 17% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2025-22872)

The vulnerability allows a remote attacker to perform code injection attacks.

The vulnerability exists due to insufficient validation of tags with unquoted attribute values that end with a solidus character (/). The tokenizer can interpret such tags as self-closing, leading to content following such tags as being placed in the wrong scope during DOM construction.


2) Incorrect permission assignment for critical resource (CVE-ID: CVE-2025-64324)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a logic bug in the code of the virt-handler component. A remote attacker can read and write arbitrary files on the system.


3) Improper Authentication (CVE-ID: CVE-2025-64432)

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests in the Kubernetes aggregation layer. A local user can bypass the RBAC controls on the system.


4) Information disclosure (CVE-ID: CVE-2025-64433)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to erroneous handling of symlinks defined within a PVC disk. A remote user can read any file present in the virt-launcher pod.


5) Improper Authentication (CVE-ID: CVE-2025-64434)

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to improper TLS certificate management within virt-handler. A local user can execute privileged operations against other virt-handler instances.


6) Link following (CVE-ID: CVE-2025-64437)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to an insecure link following issue when determining the root mount of a virt-launcher pod. A local administrator can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.


Remediation

Install update from vendor's website.

References