Memory Handling Vulnerabilities in Xen Hypervisor by Xen Project
CVE-2025-58142

9.8CRITICAL

Key Information:

Vendor: Xen Project
Status: Xen Project
Vendor: CVE Published:; 11 September 2025

🔔 Create Xen Project Vulnerability Alert

What is CVE-2025-58142?

The vulnerability involves improper handling of guest memory pages in the Xen Hypervisor. Specifically, a NULL pointer dereference can occur when a synthetic timer message is delivered, resulting in potential instability and security risks. Additionally, there are implications around race conditions during the mapping of reference TSC areas. It is critical for administrators to assess their environments and apply appropriate patches to mitigate exposure.

Affected Version(s)

Xen consult Xen advisory XSA-472

References

https://xenbits.xenproject.org/xsa/advisory-472.html

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Aug 26, 2025

Credit

This issue was discovered by Roger Pau Monné of XenServer.