CVE-2025-12464 — Vulnetix

CVE-2025-12464 PUBLISHED CVSS 6.199999809265137 MEDIUM

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service.

EPSS 0.04% · 11.6th percentile

Risk Scores

CVSS 3.1

6.199999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.04%

11.6th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 10
Red Hat	Red Hat Enterprise Linux 7
Red Hat	Red Hat Enterprise Linux 9
		8.1.0
Red Hat	Red Hat OpenShift Container Platform 4
Red Hat	Red Hat Enterprise Linux 6
Red Hat	Red Hat Enterprise Linux 8
Red Hat	Red Hat Enterprise Linux 7

Exploit Intelligence

CIRCL seen: CVE-2025-12464 (circl-sighting)
https://access.redhat.com/security/cve/CVE-2025-12464 (circl)
RHBZ#2408845 (circl)

Timeline

Oct 31, 2025 Coalition ESS Score
Oct 31, 2025 CVE Published
Nov 1, 2025 EPSS Score
Nov 2, 2025 Coalition ESS Score
Nov 4, 2025 Coalition ESS Score
Nov 7, 2025 EPSS Score
Nov 7, 2025 Coalition ESS Score
Nov 12, 2025 EPSS Score
Nov 18, 2025 EPSS Score
Nov 23, 2025 EPSS Score
Nov 29, 2025 EPSS Score
Dec 3, 2025 Coalition ESS Score

References

https://access.redhat.com/security/cve/CVE-2025-12464 vdb
RHBZ#2408845 issue
https://nvd.nist.gov/vuln/detail/CVE-2025-12464 advisory

Open in Interactive Console →