{"id":"GO-2025-4110","summary":"KubeVirt Vulnerable to Arbitrary Host File Read and Write in kubevirt.io/kubevirt","details":"KubeVirt Vulnerable to Arbitrary Host File Read and Write in kubevirt.io/kubevirt","aliases":["CVE-2025-64324","GHSA-46xp-26xh-hpqh"],"modified":"2026-03-25T20:40:12.748914Z","published":"2025-11-17T19:11:23Z","related":["CGA-g7pw-q6w8-cpxr"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-4110","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-46xp-26xh-hpqh"},{"type":"WEB","url":"https://github.com/kubevirt/kubevirt/commit/00d03e43e3bf03e563136695a4732b65ed42d764"},{"type":"WEB","url":"https://github.com/kubevirt/kubevirt/commit/ff3b69b08b6b9c8d08d23735ca8d82455f790a69"},{"type":"WEB","url":"https://github.com/kubevirt/kubevirt/pull/15037"}],"affected":[{"package":{"name":"kubevirt.io/kubevirt","ecosystem":"Go","purl":"pkg:golang/kubevirt.io/kubevirt"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.6.1"},{"introduced":"1.6.2"},{"fixed":"1.7.0-rc.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-4110.json"}}],"schema_version":"1.7.5"}