Buffer Overflow Detected in libxml2 Impacting Red Hat Programs
CVE-2025-6021

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.2 Advanced Update Support
Vendor: CVE Published:; 12 June 2025

🔔 Create Red Hat Vulnerability Alert

What is CVE-2025-6021?

A vulnerability exists in the xmlBuildQName function of libxml2, where improper calculations of buffer sizes due to integer overflows can result in a stack-based buffer overflow. Attackers can exploit this flaw by supplying specially crafted input, ultimately leading to memory corruption or causing a denial of service in applications using vulnerable versions of libxml2.

Affected Version(s)

Red Hat Discovery 2 sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344

Red Hat Enterprise Linux 10 0:2.12.5-7.el10_0

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:2.9.1-6.el7_9.10

References

https://access.redhat.com/errata/RHSA-2025:10630

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2025:10698

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2025:10699

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2025
Vulnerability Reserved
Jun 12, 2025

Credit

Red Hat would like to thank Ahmed Lekssays for reporting this issue.

.