Description
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Published: 2025-06-16
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A use‑after‑free occurs in libxml2 when parsing an XML document that contains a schematron <sch:name path="..."/> element. The flaw allows an attacker to craft a malicious XML file that causes libxml2 to dereference freed memory, leading to a crash or other undefined behavior. The result is a denial of service, with the application terminating unexpectedly. This is a classic CWE‑825 issue.

Affected Systems

The affected products are all Red Hat offerings that ship libxml2, including Red Hat Enterprise Linux 6, 7, 8, 9, and 10, as well as several Red Hat OpenShift Container Platforms (4.12 through 4.20) and the cert‑manager operator for OpenShift. Multiple Red Hat Insights, Automatic Update Services, and hardened images are also impacted.

Risk and Exploitability

The CVSS score of 9.1 indicates a high‑severity vulnerability, while the EPSS score of less than 1% suggests low overall exploitation probability. The vulnerability is not currently listed in CISA’s KEV catalog. The likely attack vector is the exposure of a component that processes XML input; an attacker who can supply a crafted XML document can trigger the crash, which may be performed locally or remotely depending on the application’s exposure. Continued monitoring for unexpected crashes can help detect attempts while a patch is applied.

Generated by OpenCVE AI on April 20, 2026 at 16:24 UTC.

Remediation

Vendor Workaround

There's no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.

OpenCVE Recommended Actions

  • Update the system or application to the latest Red Hat errata that includes the libxml2 upgrade (e.g., RHSA‑2025:10630 and related packages).
  • As a temporary measure, avoid processing untrusted XML data until the libxml2 fix is installed; validate or sanitize XML input before parsing.
  • Monitor system logs for libxml2 crashes or segmentation faults that may indicate exploitation attempts.

Generated by OpenCVE AI on April 20, 2026 at 16:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4251-1 libxml2 security update
EUVD EUVD EUVD-2025-18412 A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Ubuntu USN Ubuntu USN USN-7694-1 libxml2 vulnerabilities
References
Link Providers
https://access.redhat.com/errata/RHSA-2025:10630 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10698 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10699 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:11580 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12098 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12099 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12199 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12237 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12239 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12240 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12241 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:13335 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15397 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15827 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15828 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18217 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18218 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18219 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18240 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19020 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19041 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19046 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19894 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:21913 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0934 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:7519 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-49794 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2372373 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/libxml2/-/issues/931 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-49794 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-49794 cve-icon
History

Sun, 19 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
References

Tue, 14 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird

Fri, 20 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
References

Thu, 22 Jan 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Serverless
CPEs cpe:/a:redhat:openshift_serverless:1.36::el8
Vendors & Products Redhat openshift Serverless
References

Sat, 22 Nov 2025 03:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift File Integrity Operator
CPEs cpe:/a:redhat:openshift_file_integrity_operator:1::el9
Vendors & Products Redhat openshift File Integrity Operator
References

Thu, 13 Nov 2025 10:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Thu, 30 Oct 2025 06:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el9
References

Wed, 29 Oct 2025 12:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.18::el9
References

Mon, 27 Oct 2025 18:00:00 +0000

Type Values Removed Values Added
References

Fri, 24 Oct 2025 00:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el9
References

Wed, 22 Oct 2025 06:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.19::el9
References

Wed, 22 Oct 2025 05:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el9
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4 cpe:/a:redhat:openshift:4.20::el9
References

Thu, 16 Oct 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat cert Manager
CPEs cpe:/a:redhat:cert_manager:1.16::el9
Vendors & Products Redhat cert Manager
References

Wed, 08 Oct 2025 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Wed, 01 Oct 2025 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhivos
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Mon, 15 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:webterminal:1.12::el9
References

Mon, 15 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat webterminal
CPEs cpe:/a:redhat:webterminal:1.11::el9
Vendors & Products Redhat webterminal
References

Tue, 02 Sep 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift
CPEs cpe:/a:redhat:openshift:4
Vendors & Products Redhat openshift

Thu, 07 Aug 2025 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat insights Proxy
CPEs cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products Redhat insights Proxy
References

Wed, 30 Jul 2025 09:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/o:redhat:rhel_aus:8.2::baseos
References

Wed, 30 Jul 2025 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_els:7
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Els
References

Wed, 30 Jul 2025 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products Redhat rhel Eus Long Life
References

Tue, 29 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/o:redhat:rhel_e4s:9.2::baseos
References

Tue, 29 Jul 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:rhel_e4s:9.0::baseos
References

Tue, 29 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
References

Wed, 23 Jul 2025 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products Redhat rhel Eus
References

Thu, 10 Jul 2025 03:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9

Wed, 09 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9		 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 09 Jul 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Mon, 16 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Jun 2025 15:45:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Title libxml: Heap use after free (UAF) leads to Denial of service (DoS) Libxml: heap use after free (uaf) leads to denial of service (dos)
First Time appeared Redhat
Redhat enterprise Linux
Redhat jboss Core Services
CPEs cpe:/a:redhat:jboss_core_services:1
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat jboss Core Services
References

Thu, 12 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title libxml: Heap use after free (UAF) leads to Denial of service (DoS)
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

threat_severity

Important

Subscriptions

Redhat Cert Manager Enterprise Linux Hummingbird Insights Proxy Jboss Core Services Openshift Openshift File Integrity Operator Openshift Serverless Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus Webterminal
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-19T19:34:51.344Z

Reserved: 2025-06-10T22:17:05.286Z

Link: CVE-2025-49794

cve-icon Vulnrichment

Updated: 2025-11-03T20:05:25.109Z

cve-icon NVD

Status : Deferred

Published: 2025-06-16T16:15:18.997

Modified: 2026-04-19T20:16:20.960

Link: CVE-2025-49794

cve-icon Redhat

Severity : Important

Publid Date: 2025-06-10T00:00:00Z

Links: CVE-2025-49794 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T16:30:06Z

Weaknesses