{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-24855", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-02-26T19:09:31.574Z", "dateReserved": "2025-01-26T00:00:00.000Z", "datePublished": "2025-03-14T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "libxslt", "vendor": "xmlsoft", "versions": [{"lessThan": "1.1.43", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-14T01:12:30.912Z"}, "references": [{"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/128"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.1.43"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-02T03:55:44.994172Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T19:09:31.574Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00015.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:12:46.184Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00015.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:12:46.184Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-02T03:55:44.994172Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T19:01:07.821Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"}}], "affected": [{"vendor": "xmlsoft", "product": "libxslt", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.43", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/128"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.1.43"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-14T01:12:30.912Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24855", "state": "PUBLISHED", "dateUpdated": "2026-02-26T19:09:31.574Z", "dateReserved": "2025-01-26T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-03-14T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEA1BBB0-7A2D-4692-9A66-E59385990224", "versionEndExcluding": "1.1.43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal."}, {"lang": "es", "value": "numbers.c en libxslt anterior a la versi\u00f3n 1.1.43 tiene un m\u00e9todo de uso despu\u00e9s de la liberaci\u00f3n porque, en evaluaciones XPath anidadas, un nodo de contexto XPath puede modificarse, pero nunca restaurarse. Esto est\u00e1 relacionado con xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs y xsltComputeSortResultInternal."}], "id": "CVE-2025-24855", "lastModified": "2025-11-03T22:18:40.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.8, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-14T02:15:15.717", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00015.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:7496", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "libxslt-0:1.1.39-7.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:3612", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "libxslt-0:1.1.28-8.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:4098", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "libxslt-0:1.1.28-9.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-04-23T00:00:00Z"}, {"advisory": "RHSA-2025:3615", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libxslt-0:1.1.32-6.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3615", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libxslt-0:1.1.32-6.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3619", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "libxslt-0:1.1.32-6.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3626", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "libxslt-0:1.1.32-8.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3626", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "libxslt-0:1.1.32-8.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3626", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "libxslt-0:1.1.32-8.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3625", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "libxslt-0:1.1.32-8.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3625", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "libxslt-0:1.1.32-8.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3625", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "libxslt-0:1.1.32-8.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3624", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "libxslt-0:1.1.32-8.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3107", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libxslt-0:1.1.34-9.el9_5.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-24T00:00:00Z"}, {"advisory": "RHSA-2025:3627", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "libxslt-0:1.1.34-11.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3528", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "libxslt-0:1.1.34-10.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-04-02T00:00:00Z"}, {"advisory": "RHSA-2025:3389", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "libxslt-0:1.1.34-10.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:8303", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "rhcos-412.86.202505281830-0", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:4677", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "rhcos-413.92.202505061702-0", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7702", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "rhcos-414.92.202505141057-0", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2025-05-21T00:00:00Z"}, {"advisory": "RHSA-2025:4422", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "rhcos-415.92.202504282058-0", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:4731", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "rhcos-416.94.202505051351-0", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:4431", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "rhcos-417.94.202504291434-0", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2025-05-09T00:00:00Z"}, {"advisory": "RHSA-2025:4427", "cpe": "cpe:/a:redhat:openshift:4.18::el9", "package": "rhcos-418.94.202504291430-0", "product_name": "Red Hat OpenShift Container Platform 4.18", "release_date": "2025-05-09T00:00:00Z"}], "bugzilla": {"description": "libxslt: Use-After-Free in libxslt numbers.c", "id": "2352483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352483"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.", "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-24855", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libxslt", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2025-03-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-24855\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24855\nhttps://gitlab.gnome.org/GNOME/libxslt/-/issues/128"], "statement": "The use-after-free vulnerability in libxslt marked as a high severity rather than moderate due to its potential impact on system integrity and availability. This flaw arises during nested XPath evaluations where the context node can be modified without proper restoration, leading to use-after-free conditions. Exploitation of this vulnerability allows an attacker to execute arbitrary code, potentially causing significant disruptions or unauthorized actions within the affected system.", "threat_severity": "Important"}

{}