2413801 – (CVE-2025-12748) CVE-2025-12748 libvirt: Denial of service in XML parsing

Bug 2413801 (CVE-2025-12748) - CVE-2025-12748 libvirt: Denial of service in XML parsing

Summary: CVE-2025-12748 libvirt: Denial of service in XML parsing

Keywords:
Status:	NEW
Alias:	CVE-2025-12748
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-11-10 16:19 UTC by OSIDB Bzimport
Modified:	2025-11-11 19:43 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-11-10 16:19:45 UTC

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks (https://libvirt.org/acl.html). A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

Upstream issue:
https://gitlab.com/libvirt/libvirt/-/issues/825

Patch:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/LTGHU3S4JEMCF5KJNJGWWZ7F2CS6L5SG/

Note You need to log in before you can comment on or make changes to this bug.