{"id":"GO-2025-4102","summary":"KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes in kubevirt.io/kubevirt","details":"KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes in kubevirt.io/kubevirt","aliases":["CVE-2025-64437","GHSA-2r4r-5x78-mvqf"],"modified":"2026-03-25T20:42:33.469930Z","published":"2025-11-17T19:11:23Z","related":["CGA-m2m2-rm3c-886r"],"database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-4102"},"references":[{"type":"ADVISORY","url":"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-2r4r-5x78-mvqf"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64437"},{"type":"WEB","url":"https://github.com/kubevirt/kubevirt/commit/3ce9f41c54d04a65f10b23a46771391c00659afb"},{"type":"WEB","url":"https://github.com/kubevirt/kubevirt/commit/8644dbe0d04784b0bfa8395b91ecbd6001f88f6b"},{"type":"WEB","url":"https://github.com/kubevirt/kubevirt/commit/f59ca63133f25de8fceb3e2a0e5cc0b7bdb6a265"}],"affected":[{"package":{"name":"kubevirt.io/kubevirt","ecosystem":"Go","purl":"pkg:golang/kubevirt.io/kubevirt"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.5.3"},{"introduced":"1.6.0-alpha.0"},{"fixed":"1.6.0-beta.0.0.20250801202148-3ce9f41c54d0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-4102.json"}}],"schema_version":"1.7.5"}