Use-After-Free Vulnerability in Libxslt Product by GNOME
CVE-2025-24855

7.8 HIGH

Key Information:

Vendor

Xmlsoft

Status
Vendor
CVE Published: 14 March 2025

What is CVE-2025-24855?

libxslt versions prior to 1.1.43 contain a use-after-free vulnerability. During nested XPath evaluations, the XPath context node can be modified without being restored afterwards, potentially leading to unauthorized access or manipulation of data. Functions associated with this vulnerability include xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. Users should update to libxslt 1.1.43 or later to mitigate the risk.

Affected Version(s)

libxslt 0 < 1.1.43

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.