Source: libvirt
Version: 11.9.0-2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/libvirt/libvirt/-/issues/825
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libvirt.

CVE-2025-12748[0]:
| A flaw was discovered in libvirt in the XML file processing. More
| specifically, the parsing of user provided XML files was performed
| before the ACL checks. A malicious user with limited permissions
| could exploit this flaw by submitting a specially crafted XML file,
| causing libvirt to allocate too much memory on the host. The
| excessive memory consumption could lead to a libvirt process crash
| on the host, resulting in a denial-of-service condition.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-12748
    https://www.cve.org/CVERecord?id=CVE-2025-12748
[1] https://gitlab.com/libvirt/libvirt/-/issues/825

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

