Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75494.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-75494
Upstream
  • CVE-2025-14459
Published
2026-01-26T20:16:07Z
Modified
2026-04-21T04:38:57.396629Z
Summary
CVE-2025-14459 affecting package kubevirt 0.59.0-38
Details

A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism.

References

Affected packages

Azure Linux:2 / kubevirt

Package

Name
kubevirt
Purl
pkg:rpm/azure-linux/kubevirt

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.59.0-38

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75494.json"