Use-After-Free Vulnerability in libxml2 Affects Red Hat Products
CVE-2025-49794

9.1CRITICAL

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Vendor
CVE Published:
16 June 2025

Badges

📈 Score: 286📰 News Worthy

What is CVE-2025-49794?

CVE-2025-49794 is a vulnerability identified in the libxml2 library, a crucial component used for parsing XML documents across multiple software products. This particular flaw is categorized as a use-after-free vulnerability, which occurs when a program continues to use a memory reference after it has been freed. In this case, the issue arises when libxml2 is tasked with parsing XPath elements under specific conditions involving XML schematron schemas with defined path elements. If exploited, this vulnerability can lead to the crash of applications that rely on libxml2, potentially causing service disruptions, data corruption, or undefined behavior within affected systems. Given the widespread adoption of libxml2 in various applications, organizations using software based on this library could face significant operational risks if the vulnerability is not addressed.

Potential impact of CVE-2025-49794

  1. Service Disruption: The use-after-free vulnerability can result in application crashes, which may lead to downtime and affect business continuity as critical systems become unavailable during an incident.

  2. Data Integrity Issues: Exploitation of this vulnerability might cause data corruption or unexpected behaviors, raising concerns over the accuracy and reliability of data processed by applications utilizing libxml2.

  3. Increased Attack Surface: With the potential for crashes and undefined behaviors, this vulnerability can serve as a vector for further attacks, allowing malicious actors to leverage the instability of affected systems for more extensive exploits.

Affected Version(s)

Red Hat Enterprise Linux 10 0:2.12.5-7.el10_0

Red Hat Enterprise Linux 8 0:2.9.7-21.el8_10.1

Red Hat Enterprise Linux 8 0:2.9.7-21.el8_10.1

News Articles

favicon imageCyber Kendra

Five Critical Security Vulnerabilities Disclosed in Widely-Used libxml2 Library

The maintainers of libxml2, a fundamental XML parsing library used across countless software applications, have disclosed five serious security vulnerabilities that could enable denial-of-service attacks and...

References

https://access.redhat.com/errata/RHSA-2025:10630
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10698
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10699
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by Cyber Kendra

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49794 : Use-After-Free Vulnerability in libxml2 Affects Red Hat Products