Database Input Issues in XAPI by Xen Project
CVE-2025-58146
What is CVE-2025-58146?
XAPI, developed by the Xen Project, has identified multiple vulnerabilities that can severely impact database operations. The first issue arises when input strings are sanitized during updates to the XAPI database, yet notifications are generated using unsanitized input, leading to termination of the database's event thread. Additionally, discrepancies between the UTF-8 encoder in XAPI, which adheres to version 3.0 of the Unicode specification, and other libraries that comply with version 3.1 can allow invalid strings to be stored in the database. As a result, such strings may cause the database to become unloaderable. Finally, there is a lack of input sanitization during Map/Set updates on objects within the database, further exposing the system to potential issues.
Affected Version(s)
XAPI Linux all
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved