CVE-2025-13193 Security Details

CVE ID

CVE-2025-13193

CWE

CWE-276

CVE Description

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

Published

Nov 20, 2025

CVSS Score & Severity

6.8Medium

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.053%

Malware

malware

KEV Status

Not in KEV Catalog: No known exploits

Affected Ecosystems

affected

Source

National Vulnerability Database

References

https://bugzilla.redhat.com/show_bug.cgi?id=2415409THIRD_PARTY