Memory Corruption Vulnerability in libxml2 Affecting Various Applications
CVE-2025-49796

9.1CRITICAL

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 6
Vendor
CVE Published:
16 June 2025

What is CVE-2025-49796?

A vulnerability in libxml2 allows attackers to exploit the processing of specific sch:name elements within XML files. This can trigger a memory corruption issue, potentially leading to crashes and undefined behavior. The flaw enables the creation of malicious XML input files that can compromise the integrity of the application using libxml2, resulting in the risk of denial of service and exposure of sensitive data.

Affected Version(s)

Red Hat Enterprise Linux 10 0:2.12.5-7.el10_0

Red Hat Enterprise Linux 8 0:2.9.7-21.el8_10.1

Red Hat Enterprise Linux 8 0:2.9.7-21.el8_10.1

References

https://access.redhat.com/errata/RHSA-2025:10630
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10698
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10699
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.