[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-58147":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":49,"related":50,"reserved_at":9,"published_at":58,"modified_at":59,"state":60,"summary":61,"references_raw":70,"kevs":88,"epss":89,"epss_history":92,"metrics":360,"affected":368},"CVE-2025-58147","[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nSome Viridian hypercalls can specify a mask of vCPU IDs as an input, in\none of three formats.  Xen has boundary checking bugs with all three\nformats, which can cause out-of-bounds reads and writes while processing\nthe inputs.\n\n * CVE-2025-58147.  Hypercalls using the HV_VP_SET Sparse format can\n   cause vpmask_set() to write out of bounds when converting the bitmap\n   to Xen's format.\n\n * CVE-2025-58148.  Hypercalls using any input format can cause\n   send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild\n   vCPU pointer.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[],[],[27,29,31,33,35,37,39,41,43,45,47],{"_key":28},"ALPINE-CVE-2025-58147",{"_key":30},"DSA-6068-1",{"_key":32},"SUSE-SU-2025:3793-1",{"_key":34},"SUSE-SU-2025:3797-1",{"_key":36},"SUSE-SU-2025:3798-1",{"_key":38},"SUSE-SU-2025:3843-1",{"_key":40},"SUSE-SU-2026:0012-1",{"_key":42},"OPENSUSE-SU-2025:15673-1",{"_key":44},"MGASA-2025-0270",{"_key":46},"DEBIAN-CVE-2025-58147",{"_key":48},"UBUNTU-CVE-2025-58147",[],[51,52,53,54,55,56,57],{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},"2025-10-31T11:50:28.282Z","2025-11-04T21:13:28.853Z","Analyzed",{"cisa_kev":62,"cisa_ransomware":62,"cisa_vendor":9,"epss_severity":63,"epss_score":64,"severity":65,"severity_score":66,"severity_version":67,"severity_source":68,"severity_vector":69,"severity_status":60},false,"low",0.00031,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[71,78,82],{"url":72,"sources":73,"tags":75},"https://xenbits.xenproject.org/xsa/advisory-475.html",[68,74],"nvd",[76,77],"Patch","Vendor Advisory",{"url":79,"sources":80,"tags":81},"http://xenbits.xen.org/xsa/advisory-475.html",[68,74],[76,77],{"url":83,"sources":84,"tags":85},"http://www.openwall.com/lists/oss-security/2025/10/21/1",[68,74],[86,76,87],"Mailing List","Third Party Advisory",[],{"date":90,"score":64,"percentile":91},"2026-06-03",0.09328,[93,96,100,104,107,110,113,116,119,122,125,128,131,134,137,140,143,146,149,152,154,157,160,163,166,168,171,174,177,181,184,187,190,193,196,198,201,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,269,272,275,278,281,284,288,291,294,297,300,303,306,308,312,315,318,321,324,327,330,333,336,339,342,345,347,350,353,356,358],{"date":94,"score":64,"percentile":95},"2025-11-04",0.0775,{"date":97,"score":98,"percentile":99},"2025-11-05",0.00029,0.07153,{"date":101,"score":102,"percentile":103},"2025-11-06",0.00038,0.1106,{"date":105,"score":102,"percentile":106},"2025-11-07",0.11079,{"date":108,"score":102,"percentile":109},"2025-11-08",0.11091,{"date":111,"score":102,"percentile":112},"2025-11-09",0.11054,{"date":114,"score":102,"percentile":115},"2025-11-10",0.11009,{"date":117,"score":102,"percentile":118},"2025-11-11",0.1102,{"date":120,"score":102,"percentile":121},"2025-11-12",0.11058,{"date":123,"score":102,"percentile":124},"2025-11-13",0.11087,{"date":126,"score":102,"percentile":127},"2025-11-14",0.111,{"date":129,"score":102,"percentile":130},"2025-11-15",0.11097,{"date":132,"score":102,"percentile":133},"2025-11-16",0.11101,{"date":135,"score":102,"percentile":136},"2025-11-17",0.11083,{"date":138,"score":102,"percentile":139},"2025-11-18",0.06898,{"date":141,"score":102,"percentile":142},"2025-11-19",0.06911,{"date":144,"score":102,"percentile":145},"2025-11-20",0.06946,{"date":147,"score":102,"percentile":148},"2025-11-21",0.11123,{"date":150,"score":102,"percentile":151},"2025-11-22",0.1113,{"date":153,"score":102,"percentile":109},"2025-11-23",{"date":155,"score":102,"percentile":156},"2025-11-24",0.11045,{"date":158,"score":102,"percentile":159},"2025-11-25",0.11051,{"date":161,"score":102,"percentile":162},"2025-11-26",0.11047,{"date":164,"score":102,"percentile":165},"2025-11-27",0.11055,{"date":167,"score":102,"percentile":162},"2025-11-28",{"date":169,"score":102,"percentile":170},"2025-11-29",0.11033,{"date":172,"score":102,"percentile":173},"2025-11-30",0.1103,{"date":175,"score":102,"percentile":176},"2025-12-01",0.11072,{"date":178,"score":179,"percentile":180},"2025-12-02",0.00042,0.124,{"date":182,"score":179,"percentile":183},"2025-12-03",0.12414,{"date":185,"score":179,"percentile":186},"2025-12-04",0.12396,{"date":188,"score":179,"percentile":189},"2025-12-05",0.12446,{"date":191,"score":179,"percentile":192},"2025-12-06",0.12456,{"date":194,"score":179,"percentile":195},"2025-12-07",0.12442,{"date":197,"score":179,"percentile":189},"2025-12-08",{"date":199,"score":179,"percentile":200},"2025-12-09",0.12503,{"date":202,"score":179,"percentile":203},"2025-12-10",0.12564,{"date":205,"score":179,"percentile":206},"2025-12-11",0.12588,{"date":208,"score":179,"percentile":209},"2025-12-12",0.12633,{"date":211,"score":179,"percentile":212},"2025-12-13",0.1265,{"date":214,"score":179,"percentile":215},"2025-12-14",0.12627,{"date":217,"score":179,"percentile":218},"2025-12-15",0.12579,{"date":220,"score":179,"percentile":221},"2025-12-16",0.12553,{"date":223,"score":179,"percentile":224},"2025-12-17",0.12642,{"date":226,"score":179,"percentile":227},"2025-12-18",0.12726,{"date":229,"score":179,"percentile":230},"2025-12-19",0.12741,{"date":232,"score":179,"percentile":233},"2025-12-20",0.12736,{"date":235,"score":179,"percentile":236},"2025-12-21",0.12718,{"date":238,"score":179,"percentile":239},"2025-12-22",0.12679,{"date":241,"score":179,"percentile":242},"2025-12-23",0.12683,{"date":244,"score":179,"percentile":245},"2025-12-24",0.12703,{"date":247,"score":179,"percentile":248},"2025-12-25",0.12775,{"date":250,"score":179,"percentile":251},"2025-12-26",0.12765,{"date":253,"score":179,"percentile":254},"2025-12-27",0.12768,{"date":256,"score":179,"percentile":257},"2025-12-28",0.12749,{"date":259,"score":179,"percentile":260},"2025-12-29",0.12641,{"date":262,"score":179,"percentile":263},"2025-12-30",0.12624,{"date":265,"score":179,"percentile":266},"2025-12-31",0.12673,{"date":268,"score":179,"percentile":245},"2026-01-01",{"date":270,"score":179,"percentile":271},"2026-01-02",0.1268,{"date":273,"score":179,"percentile":274},"2026-01-03",0.12644,{"date":276,"score":179,"percentile":277},"2026-01-04",0.12571,{"date":279,"score":179,"percentile":280},"2026-01-05",0.12512,{"date":282,"score":179,"percentile":283},"2026-01-06",0.12526,{"date":285,"score":286,"percentile":287},"2026-01-07",0.00044,0.13336,{"date":289,"score":286,"percentile":290},"2026-01-08",0.13388,{"date":292,"score":286,"percentile":293},"2026-01-09",0.13396,{"date":295,"score":286,"percentile":296},"2026-01-10",0.13416,{"date":298,"score":286,"percentile":299},"2026-01-11",0.13343,{"date":301,"score":286,"percentile":302},"2026-01-12",0.1331,{"date":304,"score":286,"percentile":305},"2026-01-13",0.13283,{"date":307,"score":286,"percentile":299},"2026-01-14",{"date":309,"score":310,"percentile":311},"2026-01-15",0.00041,0.12423,{"date":313,"score":310,"percentile":314},"2026-01-16",0.12469,{"date":316,"score":310,"percentile":317},"2026-01-17",0.12481,{"date":319,"score":310,"percentile":320},"2026-01-18",0.12428,{"date":322,"score":310,"percentile":323},"2026-01-19",0.12377,{"date":325,"score":310,"percentile":326},"2026-01-20",0.12358,{"date":328,"score":310,"percentile":329},"2026-01-21",0.12337,{"date":331,"score":310,"percentile":332},"2026-01-22",0.12318,{"date":334,"score":310,"percentile":335},"2026-01-23",0.12403,{"date":337,"score":310,"percentile":338},"2026-01-24",0.12457,{"date":340,"score":310,"percentile":341},"2026-01-25",0.12407,{"date":343,"score":310,"percentile":344},"2026-01-26",0.12349,{"date":346,"score":310,"percentile":329},"2026-01-27",{"date":348,"score":310,"percentile":349},"2026-01-28",0.12325,{"date":351,"score":310,"percentile":352},"2026-01-29",0.12306,{"date":354,"score":310,"percentile":355},"2026-01-30",0.12321,{"date":357,"score":310,"percentile":329},"2026-01-31",{"date":359,"score":310,"percentile":329},"2026-02-01",[361,366],{"source":68,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":362,"cvss_v4_0":9},{"baseScore":66,"baseSeverity":363,"vectorString":69,"impactScore":364,"exploitabilityScore":365},"HIGH",6,10,{"source":74,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":367,"cvss_v4_0":9},{"baseScore":66,"baseSeverity":363,"vectorString":69,"impactScore":364,"exploitabilityScore":365},[369],{"ecosystem":9,"name":370,"vendor":370,"product":370,"cpe_part":371,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":372},"xen","o",[373],{"version":374,"is_range":375,"range_type":376,"version_start":377,"version_start_type":378,"version_end":9,"version_end_type":9,"fixed_in":9},"gte4.15.0",true,"cpe","4.15.0","including"]