[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-58148":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":29,"aliases":30,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":53,"related":54,"reserved_at":9,"published_at":61,"modified_at":62,"state":63,"summary":64,"references_raw":73,"kevs":91,"epss":92,"epss_history":95,"metrics":363,"affected":371},"CVE-2025-58148","[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nSome Viridian hypercalls can specify a mask of vCPU IDs as an input, in\none of three formats.  Xen has boundary checking bugs with all three\nformats, which can cause out-of-bounds reads and writes while processing\nthe inputs.\n\n * CVE-2025-58147.  Hypercalls using the HV_VP_SET Sparse format can\n   cause vpmask_set() to write out of bounds when converting the bitmap\n   to Xen's format.\n\n * CVE-2025-58148.  Hypercalls using any input format can cause\n   send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild\n   vCPU pointer.",null,[11,23],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],{"_key":24,"id":24,"name":25,"description":26,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":27,"capec":28},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","High",[],[],[],[],[33,35,37,39,41,43,45,47,49,51],{"_key":34},"ALPINE-CVE-2025-58148",{"_key":36},"DSA-6068-1",{"_key":38},"SUSE-SU-2025:3793-1",{"_key":40},"SUSE-SU-2025:3797-1",{"_key":42},"SUSE-SU-2025:3798-1",{"_key":44},"SUSE-SU-2025:3843-1",{"_key":46},"SUSE-SU-2026:0012-1",{"_key":48},"MGASA-2025-0270",{"_key":50},"DEBIAN-CVE-2025-58148",{"_key":52},"UBUNTU-CVE-2025-58148",[],[55,56,57,58,59,60],{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},"2025-10-31T11:50:28.407Z","2025-11-04T21:13:30.190Z","Analyzed",{"cisa_kev":65,"cisa_ransomware":65,"cisa_vendor":9,"epss_severity":66,"epss_score":67,"severity":68,"severity_score":69,"severity_version":70,"severity_source":71,"severity_vector":72,"severity_status":63},false,"low",0.00031,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[74,81,85],{"url":75,"sources":76,"tags":78},"https://xenbits.xenproject.org/xsa/advisory-475.html",[71,77],"nvd",[79,80],"Patch","Vendor Advisory",{"url":82,"sources":83,"tags":84},"http://xenbits.xen.org/xsa/advisory-475.html",[71,77],[79,80],{"url":86,"sources":87,"tags":88},"http://www.openwall.com/lists/oss-security/2025/10/21/1",[71,77],[89,79,90],"Mailing List","Third Party Advisory",[],{"date":93,"score":67,"percentile":94},"2026-06-03",0.09328,[96,99,103,107,110,113,116,119,122,125,128,131,134,137,140,143,146,149,152,155,157,160,163,166,169,171,174,177,180,184,187,190,193,196,199,201,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,272,275,278,281,284,287,291,294,297,300,303,306,309,311,315,318,321,324,327,330,333,336,339,342,345,348,350,353,356,359,361],{"date":97,"score":67,"percentile":98},"2025-11-04",0.0775,{"date":100,"score":101,"percentile":102},"2025-11-05",0.00029,0.07153,{"date":104,"score":105,"percentile":106},"2025-11-06",0.00038,0.1106,{"date":108,"score":105,"percentile":109},"2025-11-07",0.11079,{"date":111,"score":105,"percentile":112},"2025-11-08",0.11091,{"date":114,"score":105,"percentile":115},"2025-11-09",0.11054,{"date":117,"score":105,"percentile":118},"2025-11-10",0.11009,{"date":120,"score":105,"percentile":121},"2025-11-11",0.1102,{"date":123,"score":105,"percentile":124},"2025-11-12",0.11058,{"date":126,"score":105,"percentile":127},"2025-11-13",0.11087,{"date":129,"score":105,"percentile":130},"2025-11-14",0.111,{"date":132,"score":105,"percentile":133},"2025-11-15",0.11097,{"date":135,"score":105,"percentile":136},"2025-11-16",0.11101,{"date":138,"score":105,"percentile":139},"2025-11-17",0.11083,{"date":141,"score":105,"percentile":142},"2025-11-18",0.06898,{"date":144,"score":105,"percentile":145},"2025-11-19",0.06911,{"date":147,"score":105,"percentile":148},"2025-11-20",0.06946,{"date":150,"score":105,"percentile":151},"2025-11-21",0.11123,{"date":153,"score":105,"percentile":154},"2025-11-22",0.1113,{"date":156,"score":105,"percentile":112},"2025-11-23",{"date":158,"score":105,"percentile":159},"2025-11-24",0.11045,{"date":161,"score":105,"percentile":162},"2025-11-25",0.11051,{"date":164,"score":105,"percentile":165},"2025-11-26",0.11047,{"date":167,"score":105,"percentile":168},"2025-11-27",0.11055,{"date":170,"score":105,"percentile":165},"2025-11-28",{"date":172,"score":105,"percentile":173},"2025-11-29",0.11033,{"date":175,"score":105,"percentile":176},"2025-11-30",0.1103,{"date":178,"score":105,"percentile":179},"2025-12-01",0.11072,{"date":181,"score":182,"percentile":183},"2025-12-02",0.00042,0.124,{"date":185,"score":182,"percentile":186},"2025-12-03",0.12414,{"date":188,"score":182,"percentile":189},"2025-12-04",0.12396,{"date":191,"score":182,"percentile":192},"2025-12-05",0.12446,{"date":194,"score":182,"percentile":195},"2025-12-06",0.12456,{"date":197,"score":182,"percentile":198},"2025-12-07",0.12442,{"date":200,"score":182,"percentile":192},"2025-12-08",{"date":202,"score":182,"percentile":203},"2025-12-09",0.12503,{"date":205,"score":182,"percentile":206},"2025-12-10",0.12564,{"date":208,"score":182,"percentile":209},"2025-12-11",0.12588,{"date":211,"score":182,"percentile":212},"2025-12-12",0.12633,{"date":214,"score":182,"percentile":215},"2025-12-13",0.1265,{"date":217,"score":182,"percentile":218},"2025-12-14",0.12627,{"date":220,"score":182,"percentile":221},"2025-12-15",0.12579,{"date":223,"score":182,"percentile":224},"2025-12-16",0.12553,{"date":226,"score":182,"percentile":227},"2025-12-17",0.12642,{"date":229,"score":182,"percentile":230},"2025-12-18",0.12726,{"date":232,"score":182,"percentile":233},"2025-12-19",0.12741,{"date":235,"score":182,"percentile":236},"2025-12-20",0.12736,{"date":238,"score":182,"percentile":239},"2025-12-21",0.12718,{"date":241,"score":182,"percentile":242},"2025-12-22",0.12679,{"date":244,"score":182,"percentile":245},"2025-12-23",0.12683,{"date":247,"score":182,"percentile":248},"2025-12-24",0.12703,{"date":250,"score":182,"percentile":251},"2025-12-25",0.12775,{"date":253,"score":182,"percentile":254},"2025-12-26",0.12765,{"date":256,"score":182,"percentile":257},"2025-12-27",0.12768,{"date":259,"score":182,"percentile":260},"2025-12-28",0.12749,{"date":262,"score":182,"percentile":263},"2025-12-29",0.12641,{"date":265,"score":182,"percentile":266},"2025-12-30",0.12624,{"date":268,"score":182,"percentile":269},"2025-12-31",0.12673,{"date":271,"score":182,"percentile":248},"2026-01-01",{"date":273,"score":182,"percentile":274},"2026-01-02",0.1268,{"date":276,"score":182,"percentile":277},"2026-01-03",0.12644,{"date":279,"score":182,"percentile":280},"2026-01-04",0.12571,{"date":282,"score":182,"percentile":283},"2026-01-05",0.12512,{"date":285,"score":182,"percentile":286},"2026-01-06",0.12526,{"date":288,"score":289,"percentile":290},"2026-01-07",0.00044,0.13336,{"date":292,"score":289,"percentile":293},"2026-01-08",0.13388,{"date":295,"score":289,"percentile":296},"2026-01-09",0.13396,{"date":298,"score":289,"percentile":299},"2026-01-10",0.13416,{"date":301,"score":289,"percentile":302},"2026-01-11",0.13343,{"date":304,"score":289,"percentile":305},"2026-01-12",0.1331,{"date":307,"score":289,"percentile":308},"2026-01-13",0.13283,{"date":310,"score":289,"percentile":302},"2026-01-14",{"date":312,"score":313,"percentile":314},"2026-01-15",0.00041,0.12423,{"date":316,"score":313,"percentile":317},"2026-01-16",0.12469,{"date":319,"score":313,"percentile":320},"2026-01-17",0.12481,{"date":322,"score":313,"percentile":323},"2026-01-18",0.12428,{"date":325,"score":313,"percentile":326},"2026-01-19",0.12377,{"date":328,"score":313,"percentile":329},"2026-01-20",0.12358,{"date":331,"score":313,"percentile":332},"2026-01-21",0.12337,{"date":334,"score":313,"percentile":335},"2026-01-22",0.12318,{"date":337,"score":313,"percentile":338},"2026-01-23",0.12403,{"date":340,"score":313,"percentile":341},"2026-01-24",0.12457,{"date":343,"score":313,"percentile":344},"2026-01-25",0.12407,{"date":346,"score":313,"percentile":347},"2026-01-26",0.12349,{"date":349,"score":313,"percentile":332},"2026-01-27",{"date":351,"score":313,"percentile":352},"2026-01-28",0.12325,{"date":354,"score":313,"percentile":355},"2026-01-29",0.12306,{"date":357,"score":313,"percentile":358},"2026-01-30",0.12321,{"date":360,"score":313,"percentile":332},"2026-01-31",{"date":362,"score":313,"percentile":332},"2026-02-01",[364,369],{"source":71,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":365,"cvss_v4_0":9},{"baseScore":69,"baseSeverity":366,"vectorString":72,"impactScore":367,"exploitabilityScore":368},"HIGH",6,10,{"source":77,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":370,"cvss_v4_0":9},{"baseScore":69,"baseSeverity":366,"vectorString":72,"impactScore":367,"exploitabilityScore":368},[372],{"ecosystem":9,"name":373,"vendor":373,"product":373,"cpe_part":374,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":375},"xen","o",[376],{"version":377,"is_range":378,"range_type":379,"version_start":380,"version_start_type":381,"version_end":9,"version_end_type":9,"fixed_in":9},"gte4.15.0",true,"cpe","4.15.0","including"]