CVEFinder.io

CVE-2025-13193

πŸ”Ά medium
Summary

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

CVSS Score
5.5
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2025-11-17
First Seen: 2026-01-05
Last Modified 2025-11-18
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE IDs (Weakness Types)
CWE-276

πŸ”— References 2

https://access.redhat.com/security/cve/CVE-2025-13193
https://bugzilla.redhat.com/show_bug.cgi?id=2415409

πŸ“¦ Affected Products 2

Vendor Product Status Affected Versions
red_hat red_hat_enterprise_linux_6 Affected All versions
red_hat red_hat_enterprise_linux_7 Affected All versions

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14512 πŸ”Ά medium 6.5 0.1 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov... 2025-12-11
CVE-2025-14087 πŸ”Ά medium 5.6 0.3 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a... 2025-12-10
CVE-2025-66287 ⚠️ high 8.8 0.1 A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper me... 2025-12-04
CVE-2025-12744 ⚠️ high 8.8 0.0 A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from... 2025-12-03
CVE-2025-13502 ⚠️ high 7.5 0.1 A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, lea... 2025-11-25
CVE-2025-12748 πŸ”Ά medium 5.5 0.1 A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files w... 2025-11-11
These CVEs affect the same products