CVE-2025-58354

Vulnerability Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, a malicious host can selectively fail IO operations to skip initdata verification. This allows an attacker to launch arbitrary workloads while being able to attest successfully to Trustee impersonating any benign workload. This issue has been patched in Kata Containers version 3.21.0.

Related Weaknesses (CWE)

References

• https://github.com/kata-containers/kata-containers/commit/3e67f92e34be974e792c15
• https://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w

FAQ

What is CVE-2025-58354?

CVE-2025-58354 is a documented vulnerability. Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, ...

How severe is CVE-2025-58354?

CVSS scoring is not yet available for CVE-2025-58354. Check NVD for updates.

Is there a patch for CVE-2025-58354?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.