Main Vulnerability Database Vulnerabilities #VU117653

#VU117653 Permissions, Privileges, and Access Controls in Xen - CVE-2025-58149

Published: October 24, 2025

Vulnerability identifier: #VU117653

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-58149

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows a malicious guest to access sensitive information.

The vulnerability exists due to PCI detach logic in libxl that does not remove access permissions to any 64bit memory BARs the device might have. A malicious guest can access any 64bit memory BAR when such device is no longer assigned to the domain.

Remediation

Install updates from vendor's website.

External links

https://xenbits.xen.org/xsa/advisory-476.html

#VU117653 Permissions, Privileges, and Access Controls in Xen - CVE-2025-58149

Description

Remediation

External links

Please verify you're human