CVE-2019-10161 in libvirtd

Summary

by MITRE

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.


Analysis

by VulDB Data Team • 11/23/2025

The vulnerability identified as CVE-2019-10161 represents a critical privilege escalation and information disclosure flaw within the libvirtd daemon, which serves as the core hypervisor management service for virtualization environments. This vulnerability affects libvirtd versions prior to 4.10.1 and 5.4.1, exposing systems to potential exploitation by attackers who possess network access to the libvirtd socket interface. The flaw stems from insufficient input validation and access control mechanisms within the virDomainSaveImageGetXMLDesc() API implementation, creating a pathway for unauthorized file system traversal and arbitrary code execution.

The vulnerability falls under CWE-22, improper limitation of a pathname to a restricted directory, commonly known as path traversal. The flaw allows malicious actors to specify arbitrary file paths through the API call, effectively bypassing normal file system access controls. When libvirtd handles these requests, it performs file system operations using its own elevated privileges, creating a dangerous privilege escalation vector. The vulnerability enables attackers to probe file system structures, potentially discovering sensitive configuration files, credentials, or system binaries that could further aid in exploitation.

From an operational impact perspective, this vulnerability poses significant risks to virtualization infrastructure security. An attacker with read-only access to the libvirtd socket can leverage this flaw to perform reconnaissance activities, identifying the presence of sensitive files or directories that should otherwise remain hidden. The potential for denial of service exists when malicious paths are crafted to cause the libvirtd process to attempt operations on non-existent or inaccessible files, leading to process crashes or resource exhaustion. More critically, the vulnerability enables arbitrary code execution through carefully crafted file paths that could cause the libvirtd process to execute unintended programs, potentially leading to complete system compromise.

The attack surface for this vulnerability extends beyond simple information disclosure, as it can be combined with other techniques to achieve broader system compromise. According to the ATT&CK framework, this vulnerability maps to T1059 for command and script injection, and T1068 for exploit for privilege escalation. Organizations running affected versions of libvirtd should immediately apply mitigations, including patching to versions 4.10.1 or 5.4.1, segmenting the network to restrict access to libvirtd socket interfaces, and applying additional access controls through firewall rules. The recommended approach combines comprehensive network monitoring to detect anomalous API usage patterns with regular security audits of virtualization environments to identify and remediate similar access control vulnerabilities. Additionally, applying least privilege principles to libvirtd service accounts and regularly reviewing API access permissions can significantly reduce the risk exposure associated with this and similar vulnerabilities.
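The fixed versions named above, turned into a branch-aware inventory check. This is an added example, not code from VulDB or the libvirt project; it assumes 4.10.1 is the fix on the 4.10.x maintenance line and 5.4.1 the fix for every other line, and the host names and version strings in `SAMPLE` are constructed.

```python
import re

# Fixed releases named on this page. Assumption of this example: 4.10.1 is the
# fix for the 4.10.x maintenance line and 5.4.1 the fix for everything else.
FIXED_4_10 = (4, 10, 1)
FIXED_OTHER = (5, 4, 1)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first x.y.z triple, e.g. from `libvirtd --version` output."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no libvirt version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """True if the upstream version predates the fix for CVE-2019-10161."""
    version = parse_version(text)
    if version[:2] == (4, 10):
        # A plain "< 5.4.1" comparison would wrongly flag the patched 4.10.1.
        return version < FIXED_4_10
    return version < FIXED_OTHER


def triage(inventory):
    """Map host -> 'affected' / 'fixed' / 'unknown' for (host, version) rows."""
    result = {}
    for host, raw in inventory:
        try:
            result[host] = "affected" if is_affected(raw) else "fixed"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("kvm-01", "libvirtd (libvirt) 4.5.0"),
    ("kvm-02", "libvirtd (libvirt) 4.10.1"),
    ("kvm-03", "libvirtd (libvirt) 5.4.0"),
    ("kvm-04", "libvirtd (libvirt) 5.4.1"),
    ("kvm-05", "command not found"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Distribution packages often backport security fixes without changing the upstream version number, so an "affected" result here is a prompt to check the vendor's advisory for that package build.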

Responsible

Red Hat, Inc.

Reservation

03/27/2019

Moderation

accepted

CPE

ready

EPSS

0.00140

KEV

no

Activities

very low
