CVE-2025-49794

CRITICAL

Red Hat Enterprise Linux libxml2 - Use-After-Free in XPath Parser with Schema Elements

Title source: llm

Description

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

References (32)

Core 32

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10630

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10698

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-253495.html

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:10699

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:11580

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:12098

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:12099

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:12199

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:12237

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:12239

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:12240

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:12241

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:13335

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15397

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15827

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:15828

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:18217

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:18218

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:18219

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:18240

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19020

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19041

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19046

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19894

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:21913

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2026:0934

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-49794

Vendor Advisory vendor-advisory x_refsource_redhat

RHSA-2026:7519

https://access.redhat.com/errata/RHSA-2026:7519

Mailing List

https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2372373

https://gitlab.gnome.org/GNOME/libxml2/-/issues/931

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-577017.html

Scores

CVSS v3 9.1

EPSS 0.0067

EPSS Percentile 46.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-825

Status published

Products (47)

Red Hat/cert-manager operator for Red Hat OpenShift 1.16 sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b

Red Hat/cert-manager operator for Red Hat OpenShift 1.16 sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2

Red Hat/cert-manager operator for Red Hat OpenShift 1.16 v1.16.5-1760515757

Red Hat/File Integrity Operator 1 sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605

Red Hat/File Integrity Operator 1 sha256:59fcdf4ea159ba76fdb582011263672646dd9d63304a91592c0a21d0f43986a4

Red Hat/File Integrity Operator 1 sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9

Red Hat/File Integrity Operator 1 v1.3

Red Hat/OpenShift File Integrity Operator - FIO 1 v1.3

Red Hat/Red Hat Enterprise Linux 10 0:2.12.5-7.el10_0

Red Hat/Red Hat Enterprise Linux 6

... and 37 more

Published Jun 16, 2025

Tracked Since Feb 18, 2026