CNNVD-202511-1004 Information
CNNVD ID
CNNVD-202511-1004
Related CVE
- CNNVD Published: 2025-11-11
Description
libvirt is an open-source Linux API for implementing Linux virtualization functionality. It supports various hypervisors, including Xen and KVM, as well as QEMU and some virtualization products for other operating systems. libvirt has a security vulnerability that stems from XML parsing being performed before the ACL check during XML file processing. A malicious user could use a specially crafted XML file to cause excessive memory consumption on the host, resulting in a denial of service.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
libvirt
Published
2025-11-11
Last Modified
2026-02-24
References
https://bugzilla.redhat.com/show_bug.cgi?id=2413801
https://access.redhat.com/security/cve/CVE-2025-12748
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12748
https://vigilance.fr/vulnerability/libvirt-overload-via-Memory-Consumption-49061