VYPR
Medium severityOSV Advisory· Published Sep 23, 2025· Updated Apr 15, 2026

CVE-2025-58354

CVE-2025-58354

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • 1.10.0-rc0, 1.11.0-alpha0, 1.11.0-alpha1, …+ 1 more
    • (no CPE)range: 1.10.0-rc0, 1.11.0-alpha0, 1.11.0-alpha1, …
    • (no CPE)range: <=3.20.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.