Memory Management Vulnerability in libxslt by Red Hat
CVE-2025-7425

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 10 July 2025

What is CVE-2025-7425?

A memory management flaw in libxslt allows improper handling of the atype attribute flags, leading to potential memory corruption. When the key() function in XSLT processes certain tree fragments, it fails to clean up ID attributes properly, which may result in the system accessing freed memory. This could cause application crashes or may be exploited by attackers to trigger heap corruption, posing significant risks to application stability and security.

References

https://access.redhat.com/security/cve/CVE-2025-7425

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2379274

issue-trackingx_refsource_REDHAT

https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2025
Vulnerability Reserved
Jul 10, 2025

Credit

Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue.