CVE-2025-11731

LOW 3.1

Libxslt: type confusion in exsltfuncresultcompfunction of libxslt

CVSS Score

3.1

EPSS Score

0.1%

EPSS Percentile

20th

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

CWE	CWE-843
Published	Oct 14, 2025
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new low vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected Versions

Red Hat / Red Hat Enterprise Linux 10

All versions affected

Red Hat / Red Hat Enterprise Linux 6

All versions affected

Red Hat / Red Hat Enterprise Linux 7

All versions affected

Red Hat / Red Hat Enterprise Linux 8

All versions affected

Red Hat / Red Hat Enterprise Linux 9

All versions affected

Red Hat / Red Hat Hardened Images

All versions affected

Red Hat / Red Hat OpenShift Container Platform 4

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-11731 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2403688 gitlab.gnome.org: https://gitlab.gnome.org/GNOME/libxslt/-/issues/151 gitlab.gnome.org: https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78

Credits

Red Hat would like to thank Google Big Sleep for reporting this issue.