Memory Corruption Vulnerability in libxml2 Affecting Various Applications
CVE-2025-49796

9.1CRITICAL

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 16 June 2025

What is CVE-2025-49796?

A vulnerability in libxml2 allows attackers to exploit the processing of specific sch:name elements within XML files. This can trigger a memory corruption issue, potentially leading to crashes and undefined behavior. The flaw enables the creation of malicious XML input files that can compromise the integrity of the application using libxml2, resulting in the risk of denial of service and exposure of sensitive data.

References

https://access.redhat.com/security/cve/CVE-2025-49796

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2372385

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2025
Vulnerability Reserved
Jun 10, 2025

Red Hat

What is CVE-2025-49796?

References

CVSS V3.1

Timeline