CVE-2025-7424

HIGH

libxslt - Type Confusion via psvi Memory Field Reuse

Title source: llm
STIX 2.1

Description

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

References (13)

Core 13
Core References
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-7424
Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2379228
Vendor Advisory vendor-advisory x_refsource_redhat
RHBA-2025:12345
https://access.redhat.com/errata/RHBA-2025:12345
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:11015
https://access.redhat.com/errata/RHSA-2026:11015

Scores

CVSS v3 7.5
EPSS 0.0120
EPSS Percentile 64.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-843
Status published
Products (18)
GNOME/libxslt < 1.1.44
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10 0:1.1.39-8.el10_0
Red Hat/Red Hat Enterprise Linux 10 0:2.12.5-8.el10_0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Hardened Images
Red Hat/Red Hat Hardened Images 1.1.45-0.1.hum1
... and 8 more
Published Jul 10, 2025
Tracked Since Feb 18, 2026