CVE-2025-14525

MEDIUM

kubevirt - Denial of Service via Excessive Network Interface Reporting


Description

A flaw was found in kubevirt. A user inside a virtual machine (VM) whose guest agent is active can cause the agent to report an excessive number of network interfaces. The resulting status update is too large to be stored, which blocks further changes to the Virtual Machine Instance (VMI) object. In this way a VM user can restrict the VM administrator's ability to manage the VM, resulting in a denial of service for administrative operations.

References (2)

Core References
Vendor Advisory (vdb-entry, x_refsource_redhat):
https://access.redhat.com/security/cve/CVE-2025-14525
Issue Tracking (issue-tracking, x_refsource_redhat):
https://bugzilla.redhat.com/show_bug.cgi?id=2421360

Scores

CVSS v3 6.4
EPSS 0.0026
EPSS Percentile 17.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-770
Status published
Products (2)
kubevirt.io/kubevirt 0 (Go)
Red Hat/Red Hat OpenShift Virtualization 4
Published Jan 26, 2026
Tracked Since Feb 18, 2026