Boundary Check Vulnerability in Xen Hypercalls for Viridian
CVE-2025-58147

7.5HIGH

Key Information:

Vendor: Xen Project
Status: Xen Project
Vendor: CVE Published:; 31 October 2025

🔔 Create Xen Project Vulnerability Alert

What is CVE-2025-58147?

The vulnerability allows for boundary checking errors within Xen hypercalls used in Viridian environments, particularly concerning the specification of vCPU ID masks. The issue arises from improper handling of input formats, leading to potential out-of-bounds reads and writes. Specifically, hypercalls utilizing the HV_VP_SET Sparse format may result in erroneous memory operations, impacting system stability and security.

Affected Version(s)

Xen consult Xen advisory XSA-475

References

https://xenbits.xenproject.org/xsa/advisory-475.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Aug 26, 2025

Credit

This issue was discovered by Teddy Astie of Vates

JSON