CVE-2025-7425
Severity: HIGH
libxml2 < 2.15.2 - Use-After-Free in XSLT Key Function Tree Fragment Handling
Title source: llmDescription
A flaw was found in libxslt where the attribute type (atype) flags are modified in a way that corrupts internal memory management. When XSLT functions such as key() operate on result tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
References (43)
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:13464
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:13622
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:14818
Vendor Advisory (vendor-advisory, x_refsource_redhat) RHSA-2026:11503: https://access.redhat.com/errata/RHSA-2026:11503
Mailing List: http://seclists.org/fulldisclosure/2025/Aug/0
Mailing List: http://seclists.org/fulldisclosure/2025/Jul/30
Mailing List: http://seclists.org/fulldisclosure/2025/Jul/32
Mailing List: http://seclists.org/fulldisclosure/2025/Jul/35
Mailing List: http://seclists.org/fulldisclosure/2025/Jul/37
Vendor Advisory (vendor-advisory, x_refsource_redhat) RHBA-2025:12345: https://access.redhat.com/errata/RHBA-2025:12345
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:12447
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:12450
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:13267
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:13308
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:13309
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:13310
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:13311
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:13312
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:13313
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:13314
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:13335
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:14059
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:14396
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:14819
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:14853
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:14858
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:15308
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:15672
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:15827
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:15828
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:18219
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21885
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21913
Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2026:0934
Vendor Advisory (vdb-entry, x_refsource_redhat): https://access.redhat.com/security/cve/CVE-2025-7425
Issue Tracking (issue-tracking, x_refsource_redhat): https://bugzilla.redhat.com/show_bug.cgi?id=2379274
Issue Tracking: https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-032379.html
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-577017.html
Scores
CVSS v3: 7.8 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H)
EPSS: 0.0019
EPSS Percentile: 40.8%
Attack Vector: LOCAL
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-416
Status: published
Products (50)
GNOME/libxml2: < 2.15.2
Red Hat/cert-manager operator for Red Hat OpenShift 1.16: sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b
Red Hat/cert-manager operator for Red Hat OpenShift 1.16: v1.16.5-1760515757
Red Hat/Compliance Operator 1: sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049
Red Hat/Compliance Operator 1: sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02
Red Hat/Compliance Operator 1: sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498
Red Hat/Compliance Operator 1: sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e
Red Hat/Compliance Operator 1: sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41
Red Hat/File Integrity Operator 1: sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605
Red Hat/File Integrity Operator 1: sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9
... and 40 more
Published: Jul 10, 2025
Tracked Since: Feb 18, 2026