CVE-2025-58354

MEDIUM

Kata Containers <3.20.0 - Privilege Escalation

Title source: llm

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0.

References (2)

[Vendor Advisory] https://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w-4xr2-ww9m

[Patch] https://github.com/kata-containers/kata-containers/commit/3e67f92e34be974e792c153add76e4e4baac9de0

View Patch ZIP pw:eip

Scores

CVSS v4 6.9

EPSS 0.0006

EPSS Percentile 19.0%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-754

Status published

Products (1)

kata-containers/kata-containers < 3.21.0

Published Sep 23, 2025

Tracked Since Feb 18, 2026