Memory Corruption Vulnerability in libxml2 Affecting Various Applications
CVE-2025-49796 
9.1 CRITICAL
Key Information:
- Vendor: Red Hat
- Status: Vendor
- CVE Published: 16 June 2025
What is CVE-2025-49796?
A vulnerability in libxml2 can be triggered when the library processes specific sch:name elements within XML files. Processing such an element can cause memory corruption, potentially leading to crashes and undefined behavior. An attacker can craft a malicious XML input file that compromises the integrity of an application using libxml2, creating a risk of denial of service and exposure of sensitive data.
Affected Version(s)
cert-manager operator for Red Hat OpenShift 1.16 sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2
Red Hat Discovery 2 sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344
Red Hat Enterprise Linux 10 0:2.12.5-7.el10_0