
CVE-2025-13193: Incorrect Default Permissions

Severity: Medium
Published: Mon Nov 17 2025 (11/17/2025, 17:03:48 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Red Hat Enterprise Linux 10

Description

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

AI-Powered Analysis

Last updated: 11/17/2025, 17:34:01 UTC

Technical Analysis

CVE-2025-13193 is a vulnerability identified in the libvirt virtualization management library used in Red Hat Enterprise Linux 10. The flaw stems from incorrect default file permissions assigned to external inactive snapshots of virtual machines that are shut down. Specifically, these snapshot files are created with world-readable permissions, allowing any local user on the host system to read the snapshot contents. Since snapshots contain the guest OS disk state, this exposure can lead to unauthorized disclosure of sensitive information stored within the guest VM, such as configuration files, credentials, or proprietary data. The vulnerability requires an attacker to have local access with at least low privileges on the host system but does not require any user interaction. The CVSS 3.1 base score is 5.5 (medium severity), reflecting the high confidentiality impact but limited scope and attack vector (local). No known exploits have been reported in the wild, but the risk remains significant in multi-tenant or shared environments where unprivileged users coexist. The issue arises from libvirt's snapshot creation process failing to restrict permissions appropriately, which can be mitigated by adjusting file creation masks or patching libvirt to enforce stricter permissions. Organizations relying on Red Hat Enterprise Linux 10 for virtualization should audit snapshot permissions and apply vendor patches once available to prevent unauthorized data exposure.

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to confidentiality. In environments where multiple users share physical hosts or where unprivileged users have local access, sensitive guest VM data could be exposed. This is particularly concerning for sectors handling sensitive or regulated data such as finance, healthcare, and government. The vulnerability does not affect integrity or availability, so operational disruption is unlikely. However, information disclosure could facilitate further attacks or data breaches. Organizations using Red Hat Enterprise Linux 10 with libvirt for virtualization, especially in cloud, hosting, or shared infrastructure contexts, are at risk. The impact is amplified in environments with weak host access controls or where snapshot files contain sensitive information. Since exploitation requires local access, organizations with strict physical and logical access controls will have reduced risk. Nonetheless, the potential for insider threats or compromised accounts means mitigation is critical.

Mitigation Recommendations

1. Immediately audit existing external inactive VM snapshot files on hosts running Red Hat Enterprise Linux 10 to verify and correct file permissions, ensuring they are not world-readable.
2. Restrict local user access on virtualization hosts to trusted administrators only, minimizing the number of users who can exploit this vulnerability.
3. Apply any available patches or updates from Red Hat addressing this libvirt permission issue as soon as they are released.
4. Configure libvirt or the underlying filesystem to enforce stricter default permissions (e.g., umask settings) for snapshot files to prevent world-readable creation.
5. Implement host-based access controls and monitoring to detect unauthorized access attempts to snapshot files.
6. Consider encrypting sensitive data within guest VMs to reduce the impact of potential snapshot exposure.
7. Review and harden virtualization host security policies, including user privilege management and audit logging.
8. For environments with multi-tenancy or shared hosts, isolate VMs and limit snapshot creation privileges to trusted roles.
9. Educate system administrators about the risks of improper snapshot permissions and best practices for managing VM snapshots securely.
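The audit and permission fix in steps 1 and 4 can be scripted on the host. The following is an added example written for this page; it is not code from the advisory, Red Hat or libvirt. It lists regular files under a snapshot directory whose mode grants read access to "other", clears that bit without touching owner or group permissions, and shows how a restrictive umask (027) keeps newly created files from ever being world-readable. The directory path is an assumption: `/var/lib/libvirt/images` is libvirt's default storage pool location, but external snapshot images may live wherever the snapshot was pointed, so set `SNAP_DIR` to match the host.

```shell
#!/bin/sh
# Added example, not code from the page, Red Hat or libvirt.
# Audits a snapshot image directory for world-readable files (the condition
# CVE-2025-13193 describes), clears the "other" read bit on any it finds, and
# shows the umask that prevents new files from being created world-readable.
# Assumption: external snapshot images live under one directory; the default
# here is libvirt's default storage pool path, override SNAP_DIR for your host.

SNAP_DIR="${SNAP_DIR:-/var/lib/libvirt/images}"

# List every regular file under $1 whose mode grants read to "other".
# -perm -004 matches when the o+r bit is set, whatever the other bits are.
find_world_readable() {
    find "$1" -type f -perm -004 2>/dev/null
}

# Number of world-readable files under $1; zero means the audit passes.
count_world_readable() {
    find_world_readable "$1" | wc -l | tr -d ' '
}

# Clear the "other" read bit on every world-readable file under $1,
# leaving owner and group permissions as they were.
fix_world_readable() {
    find "$1" -type f -perm -004 -exec chmod o-r {} + 2>/dev/null
}

# Octal mode of a file, using GNU stat where available and BSD stat otherwise.
mode_of() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%Lp' "$1"
    fi
}

# Create an empty file under a 027 umask: the 666 default for new files
# becomes 640, so the file is never world-readable, not even briefly.
# The umask change is confined to a subshell so the caller is unaffected.
create_with_umask_027() {
    ( umask 027 && : > "$1" )
}

# Stand-alone use:
#   sh snapshot_audit.sh --audit   # list world-readable images
#   sh snapshot_audit.sh --fix     # also remove o+r from them
case "${1:-}" in
    --audit)
        echo "World-readable files under $SNAP_DIR:"
        find_world_readable "$SNAP_DIR"
        ;;
    --fix)
        fix_world_readable "$SNAP_DIR"
        echo "Remaining world-readable files: $(count_world_readable "$SNAP_DIR")"
        ;;
esac
```

Run the audit first and review the listing before fixing: a non-zero count on a host where unprivileged users have shell access is the exposure this CVE describes, and the same count makes a simple scheduled check. The umask shown applies to files created by the shell; whether libvirt's own snapshot creation honours a configured mask is a property of the patched libvirt version, not of this script.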


Technical Details

Data Version: 5.2
Assigner Short Name: redhat
Date Reserved: 2025-11-14T15:22:19.540Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 691b5a78903b8a3ddb6f53b0

Added to database: 11/17/2025, 5:25:12 PM

Last enriched: 11/17/2025, 5:34:01 PM

Last updated: 11/22/2025, 12:16:01 PM
