Use-After-Free Vulnerability in libxml2 Affecting Multiple Software Applications
CVE-2025-12863

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 7 November 2025

What is CVE-2025-12863?

A security flaw exists in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function fails to properly manage memory when XML nodes are transferred between documents. As a result, namespace pointers can erroneously reference a freed memory area once the original document is deleted. This oversight may lead to a use-after-free condition, triggering unexpected behavior such as application crashes during namespace access.

References

https://access.redhat.com/security/cve/CVE-2025-12863

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2413323

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2025
Vulnerability Reserved
Nov 7, 2025

Credit

Red Hat would like to thank Ahmed Lekssays for reporting this issue.

JSON