CVE Catalog

CVE-2025-12748

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile - higher than 8% of all known CVEs

Summary

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

Risk Assessment

The risk is that an unprivileged user can perform a DoS attack, potentially disrupting virtualization services on the host and affecting the availability of critical systems.

Recommendation

Update libvirt to the patched version immediately. Until the update is applied, restrict access to interfaces accepting XML files and monitor memory usage by libvirt processes.

Original NVD description (English source)

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS