DEBIAN-CVE-2025-12748
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-12748
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-12748.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-12748
- Upstream
- Published
- 2025-11-11T20:15:34.453Z
- Modified
- 2026-01-10T14:07:38.561250Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
- References
Affected packages
Debian:11 / libvirt
Package
- Name
- libvirt
- Purl
- pkg:deb/debian/libvirt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.0.0-3
7.0.0-3+deb11u1
7.0.0-3+deb11u2
7.0.0-3+deb11u3
7.6.0-1
7.9.0-1
7.10.0-1
7.10.0-2
7.10.0-3
8.*
8.0.0-1~bpo11+1
8.0.0-1
8.1.0-1
8.1.0-2
8.2.0-1
8.3.0-1
8.4.0-1
8.5.0-1
8.5.0-2
8.9.0-1
8.10.0-1
8.10.0-2
8.10.0-3
9.*
9.0.0-1
9.0.0-2
9.0.0-3
9.0.0-4
9.1.0-1
9.2.0-1
9.2.0-2
9.3.0-1
9.3.0-2
9.4.0-1
9.5.0-1
9.5.0-2
9.6.0-1
9.6.0-2
9.6.0-3
9.7.0-1
9.8.0-1
9.8.0-2
9.9.0-1
9.10.0-1
10.*
10.0.0-1
10.0.0-2
10.0.0-3
10.1.0-1
10.2.0-1
10.3.0-1
10.3.0-2
10.3.0-3
10.4.0-1
10.5.0-1
10.6.0-1
10.6.0-2
10.6.0-3
10.7.0-1
10.7.0-2
10.7.0-3
10.8.0-1
10.9.0-1
10.9.0-2
10.10.0-1
10.10.0-2
10.10.0-3
10.10.0-4
11.*
11.0.0-1
11.0.0-2
11.1.0-1
11.1.0-2
11.2.0-1
11.2.0-2
11.2.0-3
11.3.0-1
11.3.0-2~bpo12+1
11.3.0-2
11.3.0-3
11.4.0-1
11.5.0-1
11.6.0-1
11.7.0-1
11.8.0-1
11.8.0-2
11.9.0-1
11.9.0-2
11.10.0-1
11.10.0-2
Debian:12 / libvirt
Package
- Name
- libvirt
- Purl
- pkg:deb/debian/libvirt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.0-4
9.0.0-4+deb12u1
9.0.0-4+deb12u2
9.1.0-1
9.2.0-1
9.2.0-2
9.3.0-1
9.3.0-2
9.4.0-1
9.5.0-1
9.5.0-2
9.6.0-1
9.6.0-2
9.6.0-3
9.7.0-1
9.8.0-1
9.8.0-2
9.9.0-1
9.10.0-1
10.*
10.0.0-1
10.0.0-2
10.0.0-3
10.1.0-1
10.2.0-1
10.3.0-1
10.3.0-2
10.3.0-3
10.4.0-1
10.5.0-1
10.6.0-1
10.6.0-2
10.6.0-3
10.7.0-1
10.7.0-2
10.7.0-3
10.8.0-1
10.9.0-1
10.9.0-2
10.10.0-1
10.10.0-2
10.10.0-3
10.10.0-4
11.*
11.0.0-1
11.0.0-2
11.1.0-1
11.1.0-2
11.2.0-1
11.2.0-2
11.2.0-3
11.3.0-1
11.3.0-2~bpo12+1
11.3.0-2
11.3.0-3
11.4.0-1
11.5.0-1
11.6.0-1
11.7.0-1
11.8.0-1
11.8.0-2
11.9.0-1
11.9.0-2
11.10.0-1
11.10.0-2
Debian:13 / libvirt
Package
- Name
- libvirt
- Purl
- pkg:deb/debian/libvirt?arch=source
Debian:14 / libvirt
Package
- Name
- libvirt
- Purl
- pkg:deb/debian/libvirt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed11.10.0-1