Information Disclosure Vulnerability in Libvirt Affects Users
CVE-2025-13193

5.5MEDIUM

Key Information:

Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7
Vendor: CVE Published:; 17 November 2025

What is CVE-2025-13193?

A flaw in libvirt allows external inactive snapshots of shut-down virtual machines (VMs) to be created with inappropriate permissions, making them world-readable. This vulnerability enables unprivileged users to potentially inspect sensitive contents of the guest operating system, leading to information disclosure risks. The permissions misconfiguration exposes VM data that should remain confidential, necessitating immediate attention to safeguard against unauthorized access.

References

https://access.redhat.com/security/cve/CVE-2025-13193

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2415409

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Nov 14, 2025

Credit

Red Hat would like to thank Sylvain Beucler for reporting this issue.

JSON