Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-7425

Опубликовано: 10 июл. 2025
Источник: debian
EPSS Низкий

Описание

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libxsltunfixedpackage
libxsltno-dsatrixiepackage
libxsltno-dsabookwormpackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2379274

  • https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

  • While the issue is underlying in libxslt (and the CVE assigned for it), a

  • mitigation can be implemented in src:libxml2, cf.

  • https://gitlab.gnome.org/GNOME/libxslt/-/issues/140#note_2479674

  • and followups.

  • Mitigated by https://gitlab.gnome.org/GNOME/libxml2/-/commit/9de92ed78d8495527c5d7a4d0cc76c1f83768195 (2.14)

  • https://gitlab.gnome.org/GNOME/libxml2/-/commit/f1e1f13b766eb580a8dcc0c4e7a447346dfd862e (master)

  • Mitigation landed in sid in 2.14.5+dfsg-0.1. Additionally the update for libxml2 as provided

  • via DSA 5990-1 (for trixie: 2.12.7+dfsg+really2.9.14-2.1+deb13u1, for bookworm

  • 2.9.14+dfsg-1.3~deb12u4) and DLA 4319-1 (2.9.10+dfsg-6.7+deb11u9) mitigate the issue in trixie,

  • bookworm and bullseye.

  • Potential libxslt-only solution: https://gitlab.gnome.org/GNOME/libxslt/-/issues/140#note_2513942

EPSS

Процентиль: 6%
0.00027
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-7425

CVSS3: 7.8
ubuntu
3 месяца назад

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

redhat логотип

CVE-2025-7425

CVSS3: 7.8
redhat
3 месяца назад

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

nvd логотип

CVE-2025-7425

CVSS3: 7.8
nvd
3 месяца назад

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

suse-cvrf логотип

SUSE-SU-2025:02758-1

suse-cvrf
2 месяца назад

Security update for libxml2

suse-cvrf логотип

SUSE-SU-2025:02621-1

suse-cvrf
2 месяца назад

Security update for libxml2

EPSS

Процентиль: 6%
0.00027
Низкий