Race Condition Vulnerability in Xen Hypervisor
CVE-2025-58143

9.8CRITICAL

Key Information:

Vendor: Xen Project
Status: Xen Project
Vendor: CVE Published:; 11 September 2025

🔔 Create Xen Project Vulnerability Alert

What is CVE-2025-58143?

This vulnerability arises from a race condition in the mapping of the reference Timestamp Counter (TSC) page within the Xen Hypervisor. An attacker with access to a virtual machine can exploit this flaw to manipulate the guest physical to machine (p2m) page tables, potentially leading to the freeing of memory pages while they are still active in the guest context. This can compromise the integrity and stability of the virtualized environment, demonstrating the critical importance of addressing memory handling vulnerabilities in cloud and virtualization infrastructures.

Affected Version(s)

Xen consult Xen advisory XSA-472

References

https://xenbits.xenproject.org/xsa/advisory-472.html

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Aug 26, 2025

Credit

This issue was discovered by Roger Pau Monné of XenServer.