HOMEVULNERABILITIESCVE-2025-58151
CRITICAL

CVE-2025-58151

CWE-367Published: July 9, 2026· Updated: Jul 9, 2026

9.4
CVSS v3.1
EPSS:0.12%probability of exploitation in 30 daysPercentile:2.1th

Official Description

varstored is a component of the Xapi toolstack handling UEFI Variables

for a VM. It has a communication path with OVMF inside the VM involving

mapping a buffer prepared by OVMF.

Within varstored, there were insufficient compiler barriers, creating

TOCTOU issues with data in the shared buffer.

The exact vulnerable behaviour depends on the code generated by the

compiler. In a build of varstored using default settings, the attacker

can control an index used in a jump table.

NVD Source

Risk Analysis

This critical vulnerability in varstored, a component of the Xapi toolstack handling UEFI Variables, arises from insufficient compiler barriers. This creates Time-of-Check to Time-of-Use (TOCTOU) issues with data in a shared buffer, potentially allowing an attacker to control an index in a jump table. With a CVSS score of 9.4, this flaw is considered critical, though its EPSS score is currently unavailable, and it is not confirmed to be exploited in the wild.

No public exploit is currently known for this vulnerability, and it is not listed in CISA's Known Exploited Vulnerabilities catalog.

Recommended Action

Apply patches or upgrades for varstored to address the TOCTOU issues and ensure proper compiler barriers are in place. Regularly update virtualization components to mitigate such vulnerabilities.

Generated by the CTIWATCH analysis pipeline from this CVE's metadata (CVSS, EPSS, KEV status, exploit intelligence). Verify against vendor advisories before acting.

Technical Analysis

CVE-2025-58151 requires local access, meaning attackers must already have a foothold on the target system.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeX
Impact
Confidentiality
Integrity
Availability
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2025-58151
CVSS Score9.4 / 10
SeverityCRITICAL
WeaknessCWE-367
CISA KEVNo
EPSS (30d)0.12%
PublishedJul 9, 2026

Related CVEs (CWE-367)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2025-58151 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.