{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-58354", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-08-29T16:19:59.010Z", "datePublished": "2025-09-23T21:08:47.147Z", "dateUpdated": "2025-09-24T13:22:15.628Z"}, "containers": {"cna": {"title": "Kata Containers coco-tdx malicious host can circumvent initdata verification", "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "lang": "en", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w-4xr2-ww9m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w-4xr2-ww9m"}, {"name": "https://github.com/kata-containers/kata-containers/commit/3e67f92e34be974e792c153add76e4e4baac9de0", "tags": ["x_refsource_MISC"], "url": "https://github.com/kata-containers/kata-containers/commit/3e67f92e34be974e792c153add76e4e4baac9de0"}], "affected": [{"vendor": "kata-containers", "product": "kata-containers", "versions": [{"version": "< 3.21.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-09-23T21:08:47.147Z"}, "descriptions": [{"lang": "en", "value": "Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0."}], "source": {"advisory": "GHSA-989w-4xr2-ww9m", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-24T13:21:07.993011Z", "id": "CVE-2025-58354", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-24T13:22:15.628Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-58354", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-24T13:21:07.993011Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-24T13:21:16.555Z"}}], "cna": {"title": "Kata Containers coco-tdx malicious host can circumvent initdata verification", "source": {"advisory": "GHSA-989w-4xr2-ww9m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "kata-containers", "product": "kata-containers", "versions": [{"status": "affected", "version": "< 3.21.0"}]}], "references": [{"url": "https://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w-4xr2-ww9m", "name": "https://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w-4xr2-ww9m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/kata-containers/kata-containers/commit/3e67f92e34be974e792c153add76e4e4baac9de0", "name": "https://github.com/kata-containers/kata-containers/commit/3e67f92e34be974e792c153add76e4e4baac9de0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-09-23T21:08:47.147Z"}}}, "cveMetadata": {"cveId": "CVE-2025-58354", "state": "PUBLISHED", "dateUpdated": "2025-09-24T13:22:15.628Z", "dateReserved": "2025-08-29T16:19:59.010Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-09-23T21:08:47.147Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0."}], "id": "CVE-2025-58354", "lastModified": "2025-09-24T18:11:24.520", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-09-23T21:15:52.213", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/kata-containers/kata-containers/commit/3e67f92e34be974e792c153add76e4e4baac9de0"}, {"source": "security-advisories@github.com", "url": "https://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w-4xr2-ww9m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "kata-containers: Kata Containers coco-tdx malicious host can circumvent initdata verification", "id": "2397724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397724"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "status": "draft"}, "cwe": "CWE-754", "details": ["Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0.", "A vulnerability has been identified in Kata Containers that allows a malicious host to bypass a critical security check designed to validate workloads. On systems using TDX technology for confidential computing, an attacker with control of the host system can intentionally disrupt operations to skip this verification process. This flaw allows the attacker to run unauthorized code inside a secure, isolated virtual environment while making the malicious software appear as a trusted application."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-58354", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Under investigation", "package_name": "kata-containers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Under investigation", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-09-23T21:08:47Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-58354\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-58354\nhttps://github.com/kata-containers/kata-containers/commit/3e67f92e34be974e792c153add76e4e4baac9de0\nhttps://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w-4xr2-ww9m"], "statement": "This vulnerability has been rated as having a Moderate severity by Red Hat Product Security team. This happens because of the limited impact in the availability and confidentiality caused by the exploitation of this flaw, additionally to be able to exploit this vulnerability the attacker needs to have host permission level.\nIn this flaw and attacker may force IO operations to fail, kata will apply the designated policies to the workload either way and the malicious workload will be successfully attested and will start impersonating an benign workload.\nThe exploitation of this vulnerability is possible only when the workload is using rootfs to host the guest binaries, if the binaries are present on a initrd it's not possible to the attacker to intercept the IO operations and cause it to fail.", "threat_severity": "Moderate"}