CVE Catalog

CVE-2025-13193

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile - higher than 1% of all known CVEs

Summary

A flaw was found in libvirt where external inactive snapshots for shut-down VMs are incorrectly created as world-readable, allowing unprivileged users to inspect guest OS contents. This results in an information disclosure vulnerability.

Risk Assessment

The risk is that any local user can read snapshot data of virtual machines, potentially leaking sensitive information stored in the guest system.

Recommendation

Update libvirt to the latest patched version and manually change permissions of existing snapshots to more restrictive ones (e.g., 0600).

Original NVD description (English source)

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS