CVEFinder.io

CVE-2025-12748

πŸ”Ά medium
Summary

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

CVSS Score
5.5
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2025-11-11
First Seen: 2026-01-05
Last Modified 2025-11-12
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-770

πŸ”— References 2

https://access.redhat.com/security/cve/CVE-2025-12748
https://bugzilla.redhat.com/show_bug.cgi?id=2413801

πŸ“¦ Affected Products 2

Vendor Product Status Affected Versions
red_hat red_hat_enterprise_linux_6 Affected All versions
red_hat red_hat_enterprise_linux_7 Affected All versions

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14512 πŸ”Ά medium 6.5 0.1 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov... 2025-12-11
CVE-2025-14087 πŸ”Ά medium 5.6 0.3 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a... 2025-12-10
CVE-2025-66287 ⚠️ high 8.8 0.1 A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper me... 2025-12-04
CVE-2025-12744 ⚠️ high 8.8 0.0 A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from... 2025-12-03
CVE-2025-13502 ⚠️ high 7.5 0.1 A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, lea... 2025-11-25
CVE-2025-13193 πŸ”Ά medium 5.5 0.0 A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, ma... 2025-11-17
These CVEs affect the same products