Vulnerability Report: GO-2025-3512
- CVE-2024-1725, GHSA-fg9q-5cw2-p6r9
- Affects: github.com/kubevirt/csi-driver
- Published: Mar 13, 2025
- Unreviewed
kubevirt-csi: PersistentVolume allows access to HCP's root node in github.com/kubevirt/csi-driver. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/kubevirt/csi-driver before v0.0.0-202403081943-cc28dcbb0afc14.
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-fg9q-5cw2-p6r9 or https://nvd.nist.gov/vuln/detail/CVE-2024-1725.
Affected Modules
-
PathGo VersionsCustom Versions*
-
all versions, no known fixedbefore 0.0.0-202403081943-cc28dcbb0afc14
*Custom versions, which can't be mapped automatically to standard Go module versions, are ignored by govulncheck. (See this note on versions for more details.)
Aliases
References
- https://github.com/advisories/GHSA-fg9q-5cw2-p6r9
- https://nvd.nist.gov/vuln/detail/CVE-2024-1725
- https://github.com/kubevirt/csi-driver/commit/cc28dcbb0afca0a7cb8a73bc998ab49f864ed560
- https://access.redhat.com/errata/RHSA-2024:1559
- https://access.redhat.com/errata/RHSA-2024:1891
- https://access.redhat.com/errata/RHSA-2024:2047
- https://access.redhat.com/security/cve/CVE-2024-1725
- https://bugzilla.redhat.com/show_bug.cgi?id=2265398
- https://vuln.go.dev/ID/GO-2025-3512.json