Vulnerability-Lookup

FKIE_CVE-2025-14459

Vulnerability from fkie_nvd - Published: 2026-01-26 20:16 - Updated: 2026-04-15 00:35

Severity ?

8.5 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Summary

A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism.

References

	URL	Tags
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2026:0950
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2025-14459
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2420938

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en KubeVirt Containerized Data Importer (CDI). Esta vulnerabilidad permite a un usuario clonar PersistentVolumeClaims (PVCs) desde espacios de nombres no autorizados, lo que resulta en acceso no autorizado a datos a trav\u00e9s del mecanismo de origen de PVC DataImportCron."
    }
  ],
  "id": "CVE-2025-14459",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.7,
        "source": "secalert@redhat.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-01-26T20:16:07.983",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:0950"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-14459"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420938"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

CVE-2025-14459 (GCVE-0-2025-14459)

Vulnerability from cvelistv5 – Published: 2026-01-26 19:36 – Updated: 2026-01-26 21:01

Title

Virt-cdi-controller: unauthorized pvc cloning via dataimportcron

Summary

Severity ?

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:0950	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-14459	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2420938	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

RHEL-9-CNV-4.19

Unaffected: v4.19.17-5 , < * (rpm)
cpe:/a:redhat:container_native_virtualization:4.19::el9

Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-4 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-3 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17.rhel9-82 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-4 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-4 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-4 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-7 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-7 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-6 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-85 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-9 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-11 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-9 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-19 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-9 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-9 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-9 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-88 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-9 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-8 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-8 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-8 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-7 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-7 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-7 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-8 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-8 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-9 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-9 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-9 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-9 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-4 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-9 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-12 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	RHEL-9-CNV-4.19	Unaffected: v4.19.17-5 , < * (rpm) cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4

Date Public ?

2026-01-08 10:10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14459",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-26T21:01:20.724005Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-26T21:01:36.393Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/aaq-controller-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/aaq-operator-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/aaq-server-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/bridge-marker-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/cluster-network-addons-operator-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/cnv-containernetworking-plugins-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/cnv-must-gather-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/hco-bundle-registry-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17.rhel9-82",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/hostpath-csi-driver-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/hostpath-provisioner-operator-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/hostpath-provisioner-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/hyperconverged-cluster-operator-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/hyperconverged-cluster-webhook-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubemacpool-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubesecondarydns-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-api-lifecycle-automation-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-apiserver-proxy-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-common-instancetypes-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-console-plugin-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-85",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-dpdk-checkup-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-ipam-controller-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-realtime-checkup-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-ssp-operator-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-storage-checkup-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/kubevirt-template-validator-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/libguestfs-tools-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/multus-dynamic-networks-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/ocp-virt-validation-checkup-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/ovs-cni-plugin-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/passt-network-binding-plugin-cni-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/passt-network-binding-plugin-sidecar-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/pr-helper-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/sidecar-shim-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-88",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-api-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-artifacts-server-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-cloner-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-controller-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-importer-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-operator-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-controller-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-exportproxy-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-exportserver-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-handler-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virtio-win-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-launcher-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-operator-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/vm-console-proxy-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/vm-network-latency-checkup-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/wasp-agent-rhel9",
          "product": "RHEL-9-CNV-4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.19.17-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "container-native-virtualization/virt-cdi-controller",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-01-08T10:10:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-26T19:36:29.709Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:0950",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0950"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-14459"
        },
        {
          "name": "RHBZ#2420938",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420938"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-10T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-01-08T10:10:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Virt-cdi-controller: unauthorized pvc cloning via dataimportcron",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-14459",
    "datePublished": "2026-01-26T19:36:29.709Z",
    "dateReserved": "2025-12-10T15:18:02.606Z",
    "dateUpdated": "2026-01-26T21:01:36.393Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-14459

CVE-2025-14459 (GCVE-0-2025-14459)

Tags

Sightings

Nomenclature