CVE-2025-8732

LOW 3.3

libxml2 xmlcatalog xmlParseSGMLCatalog recursion

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."

CWE	CWE-674 CWE-404
Vendor	n/a
Product	libxml2
Published	Aug 8, 2025
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for n/a libxml2

Be the first to know when new low vulnerabilities affecting n/a libxml2 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / libxml2

2.14.0 2.14.1 2.14.2 2.14.3 2.14.4 2.14.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.319228 vuldb.com: https://vuldb.com/?ctiid.319228 vuldb.com: https://vuldb.com/?submit.622285 gitlab.gnome.org: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958 gitlab.gnome.org: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853 drive.google.com: https://drive.google.com/file/d/1woIeYVcSQB_NwfEhaVnX6MedpWJ_nqWl/view?usp=drive_link cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-253495.html