Buffer Overflow Detected in libxml2 Impacting Red Hat Programs
CVE-2025-6021

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 12 June 2025

What is CVE-2025-6021?

A vulnerability exists in the xmlBuildQName function of libxml2, where improper calculations of buffer sizes due to integer overflows can result in a stack-based buffer overflow. Attackers can exploit this flaw by supplying specially crafted input, ultimately leading to memory corruption or causing a denial of service in applications using vulnerable versions of libxml2.

References

https://access.redhat.com/security/cve/CVE-2025-6021

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2372406

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2025
Vulnerability Reserved
Jun 12, 2025

Credit

Red Hat would like to thank Ahmed Lekssays for reporting this issue.