You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
kubevirt rbac
About this tag
The kubevirt rbac tag covers discussions about role-based access control (RBAC) configurations and vulnerabilities in KubeVirt, the Kubernetes extension for managing virtual machines. A prominent thread highlights CVE-2025-64436, a privilege-management flaw where excessive permissions in the virt-handler service account allowed attackers to force VM migrations and concentrate workloads on compromised nodes. The fix in KubeVirt 1.7.0 restricts these permissions. Topics include securing service accounts, minimizing RBAC roles, and preventing privilege escalation in Kubernetes environments running KubeVirt. Operators should audit RBAC policies to avoid similar excessive permissions.
KubeVirt maintainers disclosed a privilege-management flaw, tracked as CVE-2025-64436, where excessive permissions granted to the virt-handler service account could be abused to force Virtual Machine Instance (VMI) migrations or otherwise concentrate VM workloads on attacker-controlled nodes — a...