## This update for kubevirt fixes the following issues:

Update to version 1.7.0 (bsc#1257128).

Security issues fixed:

* CVE-2025-64435: a logic flaw in the virt-controller can lead to incorrect status updates and potentially cause a DoS (bsc#1253189).
* CVE-2024-45310: kubevirt vendored github.com/opencontainers/runc/libcontainer/utils: runc can be tricked into creating empty files/directories on the host (bsc#1257422).
* CVE-2025-22872: incorrectly interpreted tags can cause content to be placed in the wrong scope during DOM construction (bsc#1241772).
* CVE-2025-64432: failure to correctly validate certain fields in the client TLS certificate may allow an attacker to bypass existing RBAC controls (bsc#1253181).
* CVE-2025-64433: improper symlink handling can allow reading of arbitrary files (bsc#1253185).

* bsc#1241772
* bsc#1253181
* bsc#1253185
* bsc#1253186
* bsc#1253189
* bsc#1253194
* bsc#1253748
* bsc#1257128
* bsc#1257422
Cross-References:
* CVE-2024-45310
* CVE-2025-22872
* CVE-2025-64324
* CVE-2025-64432
* CVE-2025-64433
* CVE-2025-64434
* CVE-2025-64435
* CVE-2025-64437
CVSS scores:
* CVE-2024-45310 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2024-45310 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-64324 ( SUSE ): 8.5