Memory Management Vulnerability in libxslt by Red Hat
CVE-2025-7425

7.8HIGH

Key Information:

Vendor

Gnome
Status
Libxml2
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Vendor
CVE Published:
10 July 2025

What is CVE-2025-7425?

A memory management flaw in libxslt allows improper handling of the atype attribute flags, leading to potential memory corruption. When the key() function in XSLT processes certain tree fragments, it fails to clean up ID attributes properly, which may result in the system accessing freed memory. This could cause application crashes or may be exploited by attackers to trigger heap corruption, posing significant risks to application stability and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

cert-manager operator for Red Hat OpenShift 1.16 sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b

Compliance Operator 1 sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e

Compliance Operator 1 sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41

References

https://access.redhat.com/errata/RHSA-2025:12447
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12450
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13267
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue.
JSON
.