Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-8860
CVE-2025-8860:
Wolfi vulnerability analysis and mitigation
A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback uefi_vars_write is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. When the guest later reads from register UEFI_VARS_REG_PIO_BUFFER_TRANSFER, the .read callback uefi_vars_read returns leftover metadata or other sensitive process memory from the previously allocated buffer, leading to an information disclosure vulnerability.
Source: NVD
Related Wolfi vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management