Denial-of-Service Vulnerability in libvirt XML File Processing by Red Hat
CVE-2025-12748

5.5MEDIUM

Key Information:

Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Vendor
CVE Published:
11 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-12748?

A vulnerability in libvirt's handling of XML file processing has been identified, allowing malicious users with limited permissions to exploit the system. The flaw occurs because user-provided XML files are parsed before the necessary Access Control List (ACL) checks are completed. An attacker could craft a specifically designed XML file that, when processed, causes excessive memory allocation on the host system. This can lead to the libvirt process crashing, resulting in a denial-of-service condition that could disrupt services reliant on libvirt.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-12748
Created by TERESH1

References

https://access.redhat.com/security/cve/CVE-2025-12748
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2413801
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability Reserved

Credit

Red Hat would like to thank Artem Mukhin and Святослав Терешин for reporting this issue.
JSON
.