Memory Type Confusion Vulnerability in libxslt Library by Red Hat
CVE-2025-7424

7.8HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Vendor
CVE Published:
10 July 2025

What is CVE-2025-7424?

A vulnerability exists in the libxslt library due to improper handling of memory fields during XML transformations, specifically through the simultaneous use of the psvi memory field for both stylesheet and input data. This situation may lead to type confusion, which can result in significant application instability, possibly allowing attackers to crash the application or corrupt its memory. When exploited, it may cause denial of service or trigger unpredictable behavior, posing a risk to the reliability and security of systems relying on this library.

References

https://access.redhat.com/security/cve/CVE-2025-7424
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2379228
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Ivan Fratric (Google Project Zero) for reporting this issue.
.
CVE-2025-7424 : Memory Type Confusion Vulnerability in libxslt Library by Red Hat