Memory Corruption Vulnerability in libxml2 Affecting Various Applications
CVE-2025-49796

9.1CRITICAL

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Vendor
CVE Published:
16 June 2025

What is CVE-2025-49796?

A vulnerability in libxml2 allows attackers to exploit the processing of specific sch:name elements within XML files. This can trigger a memory corruption issue, potentially leading to crashes and undefined behavior. The flaw enables the creation of malicious XML input files that can compromise the integrity of the application using libxml2, resulting in the risk of denial of service and exposure of sensitive data.

Affected Version(s)

Red Hat Discovery 2 sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec

Red Hat Enterprise Linux 10 0:2.12.5-7.el10_0

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:2.9.1-6.el7_9.10

References

https://access.redhat.com/errata/RHSA-2025:10630
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10698
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10699
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49796 : Memory Corruption Vulnerability in libxml2 Affecting Various Applications