Denial-of-Service Vulnerability in libvirt XML File Processing by Red Hat
CVE-2025-12748

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-12748?

A vulnerability in libvirt's handling of XML file processing has been identified, allowing malicious users with limited permissions to exploit the system. The flaw occurs because user-provided XML files are parsed before the necessary Access Control List (ACL) checks are completed. An attacker could craft a specifically designed XML file that, when processed, causes excessive memory allocation on the host system. This can lead to the libvirt process crashing, resulting in a denial-of-service condition that could disrupt services reliant on libvirt.

References

https://access.redhat.com/security/cve/CVE-2025-12748

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2413801

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Nov 5, 2025

Credit

Red Hat would like to thank Artem Mukhin and Святослав Терешин for reporting this issue.

JSON