Description
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
References (6)
Scores
CVSS v3
7.5
EPSS
0.0083
EPSS Percentile
74.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-825
Status
published
Products (8)
Red Hat/Red Hat Enterprise Linux 10
0:2.12.5-7.el10_0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Hardened Images
Red Hat/Red Hat Hardened Images
2.15.2-0.3.hum1
Red Hat/Red Hat JBoss Core Services 2.4.62.SP2
Published
Jun 16, 2025
Tracked Since
Feb 18, 2026