CVE-2025-12748

MEDIUM

libvirt on Red Hat Enterprise Linux 6-10 - Denial of Service via XML File Processing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-12748. PoCs published by TERESH1.

AI-analyzed exploit summary: This PoC demonstrates a denial-of-service (DoS) condition in libvirt's XML file processing. Because user-supplied XML is parsed before the ACL check runs, a restricted user whose ACL would otherwise deny the operation can still submit a crafted XML file that drives excessive memory consumption in the libvirt daemon. The only requirement is access to a local, low-privileged account that is allowed to connect to libvirt.

Description

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user-provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial of service. This is an ordering bug rather than an ACL bypass: the ACL still rejects the operation, but only after the expensive parse has already run, which is why the CWE is CWE-770 (allocation of resources without limits) and the CVSS vector is local, low-privilege, availability-only (AV:L/PR:L/A:H).
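The parse-before-authorize ordering described above, shown as an added Python illustration. This is not libvirt's code: the toy handler, the ACL table, the permission name "domain:define" and the size and depth caps are all assumptions chosen for the demo. The vulnerable handler parses the whole document and only then consults the ACL, so a restricted user still drives the parser; the hardened handler authorizes first and bounds the input before any parsing work.

```python
"""Parse-before-authorize vs. authorize-before-parse, illustrated with a toy
"define domain" request handler. Illustrative example only, not libvirt's
code; the ACL table, permission name and limits are assumptions for the demo."""
import xml.etree.ElementTree as ET


class Forbidden(Exception):
    """Caller lacks the permission the operation requires."""


class ResourceLimit(Exception):
    """Input exceeds the bound the handler is willing to process."""


# Toy ACL (assumption): only 'admin' may define domains.
ACL = {"admin": {"domain:define"}, "restricted": set()}

MAX_XML_BYTES = 64 * 1024   # assumed caps for the hardened path
MAX_DEPTH = 32


def check_acl(user: str, perm: str) -> None:
    if perm not in ACL.get(user, set()):
        raise Forbidden(f"{user} lacks {perm}")


def parse_xml(xml_bytes: bytes, stats: dict) -> ET.Element:
    """Parse and record how much untrusted input reached the parser."""
    stats["parsed_bytes"] = stats.get("parsed_bytes", 0) + len(xml_bytes)
    return ET.fromstring(xml_bytes)


def element_depth(root: ET.Element) -> int:
    """Iterative depth walk, so a deeply nested document cannot blow the stack."""
    depth, stack = 0, [(root, 1)]
    while stack:
        node, d = stack.pop()
        depth = max(depth, d)
        stack.extend((child, d + 1) for child in node)
    return depth


def define_domain_vulnerable(user: str, xml_bytes: bytes, stats: dict) -> str:
    """Flawed ordering (the CWE-770 pattern behind this CVE): the whole
    document is parsed first, so a user the ACL will reject still drives
    the parser and its allocations."""
    root = parse_xml(xml_bytes, stats)
    check_acl(user, "domain:define")
    return root.tag


def define_domain_hardened(user: str, xml_bytes: bytes, stats: dict) -> str:
    """Authorize first; then bound the input before any parsing work."""
    check_acl(user, "domain:define")
    if len(xml_bytes) > MAX_XML_BYTES:
        raise ResourceLimit(f"{len(xml_bytes)} bytes > {MAX_XML_BYTES}")
    root = parse_xml(xml_bytes, stats)
    if element_depth(root) > MAX_DEPTH:
        raise ResourceLimit("nesting too deep")
    return root.tag


def crafted_xml(n_elements: int) -> bytes:
    """Constructed attacker input: a wide, well-formed domain document."""
    return b"<domain><devices>" + b"<disk/>" * n_elements + b"</devices></domain>"


def run_demo(user: str, handler, xml_bytes: bytes) -> dict:
    """Run one handler and report the outcome plus bytes actually parsed."""
    stats = {}
    try:
        outcome = "ok:" + handler(user, xml_bytes, stats)
    except (Forbidden, ResourceLimit) as exc:
        outcome = type(exc).__name__
    return {"outcome": outcome, "parsed_bytes": stats.get("parsed_bytes", 0)}


if __name__ == "__main__":
    big = crafted_xml(100_000)
    for name, handler in (("vulnerable", define_domain_vulnerable),
                          ("hardened", define_domain_hardened)):
        print(name, run_demo("restricted", handler, big))
```

The point to take from the `parsed_bytes` counter: in the vulnerable ordering a restricted user is still rejected, but only after every byte has gone through the parser; in the hardened ordering the same user causes no parsing at all, and an authorized user is additionally capped on size and nesting, which is the CWE-770 mitigation.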

Exploits (1)

nomisec WORKING POC
by TERESH1 · poc
https://github.com/TERESH1/CVE-2025-12748

Classification: Working PoC (95%)
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: libvirt (version not specified, but likely affects multiple versions)
Authentication: required
Prerequisites: libvirt/qemu installed and configured · polkit rules restricting user permissions · access to a restricted user account
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References (4)
Vendor Advisory (vendor-advisory, x_refsource_redhat): RHSA-2026:18326
https://access.redhat.com/errata/RHSA-2026:18326
Vendor Advisory (vendor-advisory, x_refsource_redhat): RHSA-2026:18748
https://access.redhat.com/errata/RHSA-2026:18748
Vendor Advisory (vdb-entry, x_refsource_redhat): Red Hat CVE page
https://access.redhat.com/security/cve/CVE-2025-12748
Issue Tracking (issue-tracking, x_refsource_redhat): Red Hat Bugzilla 2413801
https://bugzilla.redhat.com/show_bug.cgi?id=2413801

Scores

CVSS v3.1: 5.5 (MEDIUM)
EPSS: 0.0018 (0.18%)
EPSS Percentile: 7.8%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-770
Status published
Products (7)
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10 0:11.10.0-12.el10_2
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Enterprise Linux 9 0:11.10.0-12.el9_8
Published Nov 11, 2025
Tracked Since Feb 18, 2026
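A practical check for the fixed builds listed under Products, as an added Python example that is not Red Hat tooling. It assumes that the versions shown beside RHEL 9 and RHEL 10 (0:11.10.0-12.el9_8 and 0:11.10.0-12.el10_2) are the fixed libvirt package EVRs from the two RHSAs, and it uses a simplified reimplementation of rpm's version comparison (no '~' or '^' handling) so it runs without librpm. The `rpm -q` call at the bottom is the only part that needs a real RHEL host.

```python
"""Compare an installed libvirt EVR (epoch:version-release) against the fixed
builds listed on this page. Added example, not Red Hat tooling. Assumptions:
the Products versions are the fixed libvirt EVRs; rpmvercmp below is a
simplified version of rpm's algorithm without '~'/'^' handling."""
import re
import subprocess

# Fixed EVRs taken from the Products list on this page (RHEL 9 and 10 only).
FIXED_EVR = {"el9": "0:11.10.0-12.el9_8", "el10": "0:11.10.0-12.el10_2"}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1/0/1 like rpm's rpmvercmp for a version or release string:
    segments are compared numerically when both are digits, as strings when
    both are alpha, a numeric segment beats an alpha one, leftovers win."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def parse_evr(evr: str):
    """Split 'epoch:version-release'; a missing or '(none)' epoch means 0."""
    if ":" in evr:
        epoch, rest = evr.split(":", 1)
        if epoch == "(none)":   # what rpm --qf prints when no epoch is set
            epoch = "0"
    else:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def evr_cmp(a: str, b: str) -> int:
    """Epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def dist_tag(release: str):
    """Map a release like '7.el9_6' to 'el9'; None if no el<N> tag present."""
    m = re.search(r"\.el(\d+)", release)
    return f"el{m.group(1)}" if m else None


def is_fixed(installed_evr: str):
    """True if the installed build is at or above the fixed EVR for its dist,
    False if it is older, None if this page lists no fixed build for the dist."""
    _, _, release = parse_evr(installed_evr)
    fixed = FIXED_EVR.get(dist_tag(release))
    if fixed is None:
        return None
    return evr_cmp(installed_evr, fixed) >= 0


def installed_libvirt_evr() -> str:
    """Query the installed libvirt package on a RHEL host (needs rpm)."""
    out = subprocess.run(
        ["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}\n", "libvirt"],
        capture_output=True, text=True, check=True).stdout
    return out.strip().splitlines()[0]


if __name__ == "__main__":
    evr = installed_libvirt_evr()
    print(evr, {True: "fixed", False: "VULNERABLE", None: "no fixed build on this page"}[is_fixed(evr)])
```

A `None` result is deliberate: the title says RHEL 6 through 10 are affected, but the page only carries fixed package versions for RHEL 9 and 10, so for other releases the script refuses to guess and the RHSA or Red Hat CVE page is the authority.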