CVE-2025-58143

9.8 CRITICAL

📋 TL;DR

CVE-2025-58143 is a race condition vulnerability in Xen's viridian code that allows a malicious guest VM to cause Xen to free a memory page while it's still mapped in guest physical-to-machine page tables. This affects Xen hypervisors running Windows guests with Hyper-V enlightenments enabled. Attackers with guest VM access can potentially cause denial of service or escalate privileges to the hypervisor level.

💻 Affected Systems

Products:
  • Xen Hypervisor
Versions: All versions prior to the XSA-472 patch
Operating Systems: Linux (Xen hosts running Windows guests)
Default Config Vulnerable: ✅ No
Notes: Only affects Xen installations with Windows guests using Hyper-V enlightenments (viridian mode). Linux guests and other non-Windows guests are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Hypervisor crash leading to denial of service for all VMs on the host, or potential hypervisor escape allowing guest-to-host privilege escalation.

🟠 Likely Case

Hypervisor crash causing denial of service for all VMs on the affected host.

🟢 If Mitigated

Limited impact if proper isolation and monitoring are in place, but still requires host reboot.

🌐 Internet-Facing: LOW - Requires guest VM access, not directly internet exploitable.
🏢 Internal Only: HIGH - Malicious or compromised guest VMs can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires guest VM access and knowledge of the race condition timing. Part of a coordinated disclosure with multiple related CVEs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Xen security advisory XSA-472 patches

Vendor Advisory: https://xenbits.xenproject.org/xsa/advisory-472.html

Restart Required: Yes

Instructions:

1. Apply Xen security patch for XSA-472.
2. Rebuild Xen from source if using source distribution.
3. Reboot hypervisor host.
4. Verify patch is applied by checking Xen version.

🔧 Temporary Workarounds

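Disable Hyper-V enlightenments

Disable viridian mode for Windows guests to prevent exploitation. With the xl toolstack, viridian is a per-guest option in the domain configuration file rather than an xl subcommand; the change applies the next time the guest is created from that file.

viridian = 0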

🧯 If You Can't Patch

  • Isolate Windows guest VMs from critical infrastructure
  • Implement strict monitoring for hypervisor crashes and unexpected reboots

🔍 How to Verify

Check if Vulnerable:

Compare the running Xen version against the patched versions listed in the XSA-472 advisory.
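
To see which guests are exposed before patching, the viridian setting in each xl domain configuration file can be audited. The script below is an added example, not part of the advisory or the Xen project; the function names and sample configs are constructed, and a file with no viridian line is treated as disabled, in line with the default configuration not being vulnerable.

```shell
#!/bin/sh
# Added example: list xl guest configs that enable viridian.
# Assumption: each setting sits on a single line of the config file.

# Print "enabled" or "disabled" for one xl domain config file.
viridian_state() {
    # Value of the last uncommented "viridian = ..." assignment, if any.
    val=$(sed -n 's/^[[:space:]]*viridian[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    # Drop a trailing comment, then quotes and whitespace.
    val=$(printf '%s' "$val" | sed 's/#.*$//' | tr -d "\"' \t")
    case "$val" in
        ''|0|'[]') echo disabled ;;   # absent, boolean off, or empty group list
        *)         echo enabled ;;    # boolean on or any group list
    esac
}

# Print the name of every *.cfg file in a directory with viridian enabled.
audit_dir() {
    for cfg in "$1"/*.cfg; do
        [ -f "$cfg" ] || continue
        if [ "$(viridian_state "$cfg")" = enabled ]; then
            basename "$cfg"
        fi
    done
}

# Constructed sample configs (not taken from any real host).
demo=$(mktemp -d)
printf 'name = "win-a"\nviridian = 1\n' > "$demo/win-a.cfg"
printf 'name = "win-b"\nviridian = ["base", "reference_tsc"]  # groups\n' > "$demo/win-b.cfg"
printf 'name = "win-c"\nviridian = 0\n' > "$demo/win-c.cfg"
printf 'name = "linux-d"\n' > "$demo/linux-d.cfg"

audit_dir "$demo"
```

On a host, pass the directory that holds the guest configs (commonly /etc/xen) to audit_dir instead of the demo directory.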

Check Version:

xl info | grep xen_version

Verify Fix Applied:

Verify Xen version includes XSA-472 patches and check that 'xl dmesg' shows no related crash reports

📡 Detection & Monitoring

Log Indicators:

  • Hypervisor crashes
  • Unexpected host reboots
  • Xen dmesg errors related to viridian or reference TSC

Network Indicators:

  • Sudden loss of connectivity to multiple VMs on same host

SIEM Query:

Search for 'Xen crash', 'hypervisor panic', or 'viridian' in system logs and Xen dmesg output
