Medium severity5.5NVD Advisory· Published Nov 11, 2025· Updated May 19, 2026
CVE-2025-12748
CVE-2025-12748
Description
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
50- osv-coords47 versionspkg:rpm/almalinux/libvirtpkg:rpm/almalinux/libvirt-clientpkg:rpm/almalinux/libvirt-client-qemupkg:rpm/almalinux/libvirt-daemonpkg:rpm/almalinux/libvirt-daemon-commonpkg:rpm/almalinux/libvirt-daemon-config-networkpkg:rpm/almalinux/libvirt-daemon-config-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-interfacepkg:rpm/almalinux/libvirt-daemon-driver-networkpkg:rpm/almalinux/libvirt-daemon-driver-nodedevpkg:rpm/almalinux/libvirt-daemon-driver-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-qemupkg:rpm/almalinux/libvirt-daemon-driver-secretpkg:rpm/almalinux/libvirt-daemon-driver-storagepkg:rpm/almalinux/libvirt-daemon-driver-storage-corepkg:rpm/almalinux/libvirt-daemon-driver-storage-diskpkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsipkg:rpm/almalinux/libvirt-daemon-driver-storage-logicalpkg:rpm/almalinux/libvirt-daemon-driver-storage-mpathpkg:rpm/almalinux/libvirt-daemon-driver-storage-rbdpkg:rpm/almalinux/libvirt-daemon-driver-storage-scsipkg:rpm/almalinux/libvirt-daemon-kvmpkg:rpm/almalinux/libvirt-daemon-lockpkg:rpm/almalinux/libvirt-daemon-logpkg:rpm/almalinux/libvirt-daemon-plugin-lockdpkg:rpm/almalinux/libvirt-daemon-plugin-sanlockpkg:rpm/almalinux/libvirt-daemon-proxypkg:rpm/almalinux/libvirt-develpkg:rpm/almalinux/libvirt-docspkg:rpm/almalinux/libvirt-libspkg:rpm/almalinux/libvirt-nsspkg:rpm/almalinux/libvirt-ssh-proxypkg:rpm/opensuse/libvirt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libvirt&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/libvirt&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Micro%206.2
< 11.10.0-12.el10_2.alma.1+ 46 more
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 11.10.0-12.el10_2.alma.1
- (no CPE)range: < 10.0.0-150600.8.12.1
- (no CPE)range: < 11.4.0-160000.3.1
- (no CPE)range: < 11.9.0-2.1
- (no CPE)range: < 7.1.0-150300.6.44.1
- (no CPE)range: < 8.0.0-150400.7.14.1
- (no CPE)range: < 8.0.0-150400.7.14.1
- (no CPE)range: < 9.0.0-150500.6.26.1
- (no CPE)range: < 11.0.0-150700.4.13.1
- (no CPE)range: < 11.0.0-150700.4.13.1
- (no CPE)range: < 11.4.0-160000.3.1
- (no CPE)range: < 11.4.0-160000.3.1
- (no CPE)range: < 5.1.0-13.45.1
- (no CPE)range: < 10.0.0-4.1
- (no CPE)range: < 10.0.0-slfo.1.1_2.1
- (no CPE)range: < 11.4.0-160000.3.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.