CVE-2025-7424

HIGH

Libxslt - Memory Corruption

Title source: llm

Description

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

Scores

CVSS v3 7.5
EPSS 0.0040
EPSS Percentile 60.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE CWE-843
Status published

Affected Products (7)

xmlsoft/libxslt
redhat/openshift_container_platform
redhat/enterprise_linux
redhat/enterprise_linux
redhat/enterprise_linux
redhat/enterprise_linux
redhat/enterprise_linux

Timeline

Published Jul 10, 2025
Tracked Since Feb 18, 2026