Libvirt: denial of service in xml parsing

...

SUSE CVE-2025-12748

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

Virtuozzo Hybrid Infrastructure 7.0 Hotfix 5 (7.0.0-273)

This update provides important stability fixes. Vulnerability id: VSTOR-115013 A stability fix for libvirt. Vulnerability id: VSTOR-115455 Failed to add a node to the compute cluster. Vulnerability id: VSTOR-118628 Fixed missing FUA write processing on dm-qcow2 and dm-ploop devices...

Virtuozzo Hybrid Infrastructure 7.1 Hotfix 2 (7.1.0-190)

This update provides important stability fixes. Vulnerability id: VSTOR-115013 A stability fix for libvirt. Vulnerability id: VSTOR-115455 Failed to add a node to the compute cluster. Vulnerability id: VSTOR-118628 Fixed missing FUA write processing on dm-qcow2 and dm-ploop devices...

Linux Distros Unpatched Vulnerability : CVE-2025-12748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A...

CVE-2025-12748

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

AZL-70187 CVE-2025-12748 affecting package libvirt for versions less than 10.0.0-7

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

AZL-70199 CVE-2025-12748 affecting package libvirt for versions less than 7.10.0-11

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

UBUNTU-CVE-2025-12748

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

CVE-2025-12748 Libvirt: denial of service in xml parsing

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

CVE-2025-12748 Libvirt: denial of service in xml parsing

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

CVE-2025-12748

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

CVE-2025-12748

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

CVE-2025-12748

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

CVE-2025-12748

CVE-2025-12748 is a libvirt vulnerability arising from XML file processing where parsing occurs before ACL checks, allowing a malicious XML payload with limited permissions to trigger excessive host memory allocation and a denial-of-service in the libvirt process. Connected advisories confirm aff...

CVE-2025-12748

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

libvirt 安全漏洞

libvirt is libvirt's open source Linux API for implementing Linux virtualization features. it supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtualization products used for other operating systems. A security vulnerability exists in libvirt that stems...

libvirt -- Multiple vulnerabilities

The libvirt project reports: See changelog for details...

Astra Linux – Vulnerability in libvirt

The vulnerability of the virerror.c component in the Libvirt virtualization management library is related to improper memory release before deleting the last reference. Exploiting this vulnerability allows an attacker who operates remotely to cause a service failure...

PT-2025-46530

Name of the Vulnerable Software and Affected Versions libvirt affected versions not specified Description A flaw exists in libvirt related to XML file processing. Specifically, user-provided XML files are parsed before Access Control List ACL checks. A malicious user with limited permissions coul...