CVE-2025-13193
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk1th percentile - higher than 1% of all known CVEs
Summary
A flaw was found in libvirt where external inactive snapshots for shut-down VMs are incorrectly created as world-readable, allowing unprivileged users to inspect guest OS contents. This results in an information disclosure vulnerability.
Risk Assessment
The risk is that any local user can read snapshot data of virtual machines, potentially leaking sensitive information stored in the guest system.
Recommendation
Update libvirt to the latest patched version and manually change permissions of existing snapshots to more restrictive ones (e.g., 0600).
Original NVD description (English source)
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

