CVE Alert

CVE-2025-7425

Severity: HIGH 7.8

CVSS Score: 7.8
EPSS Score: 0.1%
EPSS Percentile: 19th

A flaw was found in libxslt where the attribute type (atype) flags of an xmlAttrPtr are modified in a way that corrupts libxml2's internal memory management. When XSLT functions such as key() produce result tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the library may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

CWE: CWE-416
Vendor: gnome
Product: libxml2
Published: Jul 10, 2025
Last Updated: Apr 14, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: High
Availability: High

Affected Versions

GNOME / libxml2: 0 < 2.15.2
Red Hat / Red Hat Enterprise Linux 6: All versions affected
Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support: All versions affected
Red Hat / Red Hat Enterprise Linux 8: All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support: All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support: All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On: All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support: All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service: All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions: All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service: All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions: All versions affected
Red Hat / Red Hat Enterprise Linux 9: All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions: All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions: All versions affected
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support: All versions affected
Red Hat / Red Hat Enterprise Linux 10: All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.12: All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.13: All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.14: All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.15: All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.16: All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.17: All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.18: All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.19: All versions affected
Red Hat / Red Hat Web Terminal 1.11 on RHEL 9: All versions affected
Red Hat / Red Hat Web Terminal 1.12 on RHEL 9: All versions affected
Red Hat / RHOSS-1.36-RHEL-8: All versions affected
Red Hat / cert-manager operator for Red Hat OpenShift 1.16: All versions affected
Red Hat / Compliance Operator 1: All versions affected
Red Hat / File Integrity Operator 1: All versions affected
Red Hat / Red Hat Discovery 2: All versions affected
Red Hat / Red Hat Insights proxy 1.5: All versions affected
Red Hat / Red Hat OpenShift distributed tracing 3.5.1: All versions affected
Red Hat / Red Hat Hardened Images: All versions affected

References

NVD, CVE.org, EPSS Data

https://access.redhat.com/errata/RHBA-2025:12345
https://access.redhat.com/errata/RHSA-2025:12447
https://access.redhat.com/errata/RHSA-2025:12450
https://access.redhat.com/errata/RHSA-2025:13267
https://access.redhat.com/errata/RHSA-2025:13308
https://access.redhat.com/errata/RHSA-2025:13309
https://access.redhat.com/errata/RHSA-2025:13310
https://access.redhat.com/errata/RHSA-2025:13311
https://access.redhat.com/errata/RHSA-2025:13312
https://access.redhat.com/errata/RHSA-2025:13313
https://access.redhat.com/errata/RHSA-2025:13314
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/errata/RHSA-2025:13464
https://access.redhat.com/errata/RHSA-2025:13622
https://access.redhat.com/errata/RHSA-2025:14059
https://access.redhat.com/errata/RHSA-2025:14396
https://access.redhat.com/errata/RHSA-2025:14818
https://access.redhat.com/errata/RHSA-2025:14819
https://access.redhat.com/errata/RHSA-2025:14853
https://access.redhat.com/errata/RHSA-2025:14858
https://access.redhat.com/errata/RHSA-2025:15308
https://access.redhat.com/errata/RHSA-2025:15672
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:18219
https://access.redhat.com/errata/RHSA-2025:21885
https://access.redhat.com/errata/RHSA-2025:21913
https://access.redhat.com/errata/RHSA-2026:0934
https://access.redhat.com/security/cve/CVE-2025-7425
https://bugzilla.redhat.com/show_bug.cgi?id=2379274
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2

Credits

Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue.