Permissions, Privileges, and Access Controls in Xen - CVE-2025-58149


Published: October 24, 2025


Vulnerability identifier: #VU117653
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-58149
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Xen Project
Affected software: Xen

Detailed vulnerability description

The vulnerability allows a malicious guest to access sensitive information.

The vulnerability exists because the PCI detach logic in libxl does not remove the domain's access permissions to any 64-bit memory BARs the device might have. A malicious guest can therefore still access any 64-bit memory BAR of such a device after it is no longer assigned to the domain.
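To make the failure mode concrete, the following is an added example, not libxl's own code: it walks the six BAR registers of a PCI type-0 header and returns every memory range whose permission a detach path has to revoke. A 64-bit memory BAR occupies two consecutive BAR slots, so a loop that only handles single-slot 32-bit BARs leaves that range granted. The register values and region sizes of the sample device are constructed.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One memory region the device decodes; base and size in bytes. */
struct bar_range {
    unsigned idx;       /* BAR slot where the region starts (0..5) */
    int is_64bit;       /* 1 if the BAR spans two slots */
    uint64_t base;
    uint64_t size;
};

/*
 * Enumerate memory BARs.  bars[] are the raw BAR dwords; sizes[] is the
 * decoded size of the region starting at each slot (normally derived from
 * the read-back mask after writing all ones).  I/O BARs (bit 0 set) do not
 * need iomem permissions and are skipped.  Bits [2:1] of a memory BAR give
 * its type: 0b00 = 32-bit, 0b10 = 64-bit (high dword lives in the next
 * slot).  Returns the number of ranges written to out[].
 */
size_t enumerate_mem_bars(const uint32_t bars[6], const uint64_t sizes[6],
                          struct bar_range out[6])
{
    size_t n = 0;
    for (unsigned i = 0; i < 6; i++) {
        uint32_t lo = bars[i];
        if (lo & 0x1)                     /* I/O space BAR */
            continue;
        unsigned type = (lo >> 1) & 0x3;
        if (type == 0x2 && i + 1 < 6) {   /* 64-bit: consume the next slot too */
            uint64_t base = ((uint64_t)bars[i + 1] << 32) | (lo & ~0xFULL);
            if (sizes[i])
                out[n++] = (struct bar_range){ i, 1, base, sizes[i] };
            i++;                          /* slot i+1 is the high dword, not a BAR */
        } else if (type == 0x0) {         /* 32-bit memory BAR */
            if (sizes[i])
                out[n++] = (struct bar_range){ i, 0, lo & ~0xFU, sizes[i] };
        }
        /* other type encodings are reserved and ignored */
    }
    return n;
}

/* Constructed sample: BAR0 32-bit MMIO, BAR1 I/O, BAR2/3 one 64-bit MMIO BAR. */
static const uint32_t sample_bars[6]  = { 0xFE000000u, 0x0000C001u, 0xF000000Cu, 0x00000001u, 0, 0 };
static const uint64_t sample_sizes[6] = { 0x100000, 0x100, 0x2000000, 0, 0, 0 };

int main(void)
{
    struct bar_range r[6];
    size_t n = enumerate_mem_bars(sample_bars, sample_sizes, r);
    for (size_t k = 0; k < n; k++)        /* each of these must be revoked on detach */
        printf("BAR%u %s-bit mem %#" PRIx64 "-%#" PRIx64 "\n", r[k].idx,
               r[k].is_64bit ? "64" : "32", r[k].base, r[k].base + r[k].size - 1);
    return 0;
}
```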


How to mitigate CVE-2025-58149

Install updates from the vendor's website.

Sources