CVE-2025-58151: CWE-367 Time-of-check time-of-use (TOCTOU) race condition in Xen varstored
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The exact vulnerable behaviour depends on the code generated by the compiler. In a build of varstored using default settings, the attacker can control an index used in a jump table.
AI Analysis
Technical Summary
The vulnerability CVE-2025-58151 affects the Xen varstored component responsible for managing UEFI variables in virtual machines. It involves a TOCTOU race condition caused by insufficient compiler barriers in the shared buffer communication path between varstored and OVMF. The exact exploitability depends on compiler-generated code, but in default builds, an attacker may control an index used in a jump table, potentially leading to arbitrary code execution or other critical impacts. No remediation level or patches have been published as of now.
Potential Impact
This vulnerability has a CVSS 4.0 base score of 9.4 (critical), indicating a high impact. The TOCTOU race condition can lead to severe consequences such as arbitrary code execution or compromise of the virtual machine's integrity due to attacker control over jump table indexing. The vulnerability requires local access (AV:L) but no privileges (PR:N) or user interaction (UI:N), with high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary mitigation has been published. Until a patch is available, users should monitor Xen project advisories for updates. No vendor advisory content indicates that the issue is already mitigated or requires no action.
CVE-2025-58151: CWE-367 Time-of-check time-of-use (TOCTOU) race condition in Xen varstored
Description
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The exact vulnerable behaviour depends on the code generated by the compiler. In a build of varstored using default settings, the attacker can control an index used in a jump table.
CVSS v4.0
Score 9.4critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2025-58151 affects the Xen varstored component responsible for managing UEFI variables in virtual machines. It involves a TOCTOU race condition caused by insufficient compiler barriers in the shared buffer communication path between varstored and OVMF. The exact exploitability depends on compiler-generated code, but in default builds, an attacker may control an index used in a jump table, potentially leading to arbitrary code execution or other critical impacts. No remediation level or patches have been published as of now.
Potential Impact
This vulnerability has a CVSS 4.0 base score of 9.4 (critical), indicating a high impact. The TOCTOU race condition can lead to severe consequences such as arbitrary code execution or compromise of the virtual machine's integrity due to attacker control over jump table indexing. The vulnerability requires local access (AV:L) but no privileges (PR:N) or user interaction (UI:N), with high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary mitigation has been published. Until a patch is available, users should monitor Xen project advisories for updates. No vendor advisory content indicates that the issue is already mitigated or requires no action.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- XEN
- Date Reserved
- 2025-08-26T06:48:41.444Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4fbf4768715ace439fdcfb
Added to database: 07/09/2026, 15:33:27 UTC
Last enriched: 07/09/2026, 15:49:05 UTC
Last updated: 07/10/2026, 03:34:17 UTC
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.