Memory Management Vulnerability in libxslt by Red Hat
CVE-2025-7425

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Vendor: CVE Published:; 10 July 2025

🔔 Create Red Hat Vulnerability Alert

What is CVE-2025-7425?

A memory management flaw in libxslt allows improper handling of the atype attribute flags, leading to potential memory corruption. When the key() function in XSLT processes certain tree fragments, it fails to clean up ID attributes properly, which may result in the system accessing freed memory. This could cause application crashes or may be exploited by attackers to trigger heap corruption, posing significant risks to application stability and security.

Affected Version(s)

cert-manager operator for Red Hat OpenShift 1.16 sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323

Red Hat Discovery 2 sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:2.9.1-6.el7_9.12

References

https://access.redhat.com/errata/RHSA-2025:12447

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2025:12450

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2025:13267

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
Jul 10, 2025

Credit

Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue.

.

CVE-2025-7425 : Memory Management Vulnerability in libxslt by Red Hat