CVE-2025-49794 - Vulnerability Details

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00251.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Redhat	Cert Manager Enterprise Linux Insights Proxy Jboss Core Services Openshift Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus Webterminal

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 10
libxml2-0:2.12.5-7.el10_0	cpe:/o:redhat:enterprise_linux:10.0	RHSA-2025:10630	2025-07-08T00:00:00Z
Red Hat Enterprise Linux 8
libxml2-0:2.9.7-21.el8_10.1	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:10698	2025-07-09T00:00:00Z
libxml2-0:2.9.7-21.el8_10.1	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:10698	2025-07-09T00:00:00Z
Red Hat Enterprise Linux 9
libxml2-0:2.9.13-10.el9_6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:10699	2025-07-09T00:00:00Z
libxml2-0:2.9.13-10.el9_6	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:10699	2025-07-09T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4251-1	libxml2 security update
EUVD	EUVD-2025-18412	A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Ubuntu USN	USN-7694-1	libxml2 vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

There's no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:10630
https://access.redhat.com/errata/RHSA-2025:10698
https://access.redhat.com/errata/RHSA-2025:10699
https://access.redhat.com/errata/RHSA-2025:11580
https://access.redhat.com/errata/RHSA-2025:12098
https://access.redhat.com/errata/RHSA-2025:12099
https://access.redhat.com/errata/RHSA-2025:12199
https://access.redhat.com/errata/RHSA-2025:12237
https://access.redhat.com/errata/RHSA-2025:12239
https://access.redhat.com/errata/RHSA-2025:12240
https://access.redhat.com/errata/RHSA-2025:12241
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/errata/RHSA-2025:15397
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:18217
https://access.redhat.com/errata/RHSA-2025:18218
https://access.redhat.com/errata/RHSA-2025:18219
https://access.redhat.com/errata/RHSA-2025:18240
https://access.redhat.com/errata/RHSA-2025:19020
https://access.redhat.com/errata/RHSA-2025:19041
https://access.redhat.com/errata/RHSA-2025:19046
https://access.redhat.com/security/cve/CVE-2025-49794
https://bugzilla.redhat.com/show_bug.cgi?id=2372373
https://nvd.nist.gov/vuln/detail/CVE-2025-49794
https://www.cve.org/CVERecord?id=CVE-2025-49794

History

Thu, 30 Oct 2025 06:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.14::el9
References		https://access.redhat.com/errata/RHSA-2025:19041

Wed, 29 Oct 2025 12:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.18::el9
References		https://access.redhat.com/errata/RHSA-2025:19046

Mon, 27 Oct 2025 18:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:19020

Fri, 24 Oct 2025 00:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.13::el9
References		https://access.redhat.com/errata/RHSA-2025:18240

Wed, 22 Oct 2025 06:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.19::el9
References		https://access.redhat.com/errata/RHSA-2025:18217

Wed, 22 Oct 2025 05:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.17::el9
References		https://access.redhat.com/errata/RHSA-2025:18218

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift:4~~	cpe:/a:redhat:openshift:4.20::el9
References		https://access.redhat.com/errata/RHSA-2025:15397

Thu, 16 Oct 2025 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat cert Manager
CPEs		cpe:/a:redhat:cert_manager:1.16::el9
Vendors & Products		Redhat cert Manager
References		https://access.redhat.com/errata/RHSA-2025:18219

Wed, 08 Oct 2025 14:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:rhivos:1~~
Vendors & Products	Redhat rhivos

Wed, 01 Oct 2025 01:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhivos
CPEs		cpe:/o:redhat:rhivos:1
Vendors & Products		Redhat rhivos

Mon, 15 Sep 2025 18:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:webterminal:1.12::el9
References		https://access.redhat.com/errata/RHSA-2025:15827

Mon, 15 Sep 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat webterminal
CPEs		cpe:/a:redhat:webterminal:1.11::el9
Vendors & Products		Redhat webterminal
References		https://access.redhat.com/errata/RHSA-2025:15828

Tue, 02 Sep 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift
CPEs		cpe:/a:redhat:openshift:4
Vendors & Products		Redhat openshift

Thu, 07 Aug 2025 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat insights Proxy
CPEs		cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products		Redhat insights Proxy
References		https://access.redhat.com/errata/RHSA-2025:13335

Wed, 30 Jul 2025 09:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
References		https://access.redhat.com/errata/RHSA-2025:12237

Wed, 30 Jul 2025 07:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_els:7 cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:12239 https://access.redhat.com/errata/RHSA-2025:12240

Wed, 30 Jul 2025 07:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus Long Life
CPEs		cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products		Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2025:12241

Tue, 29 Jul 2025 16:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
References		https://access.redhat.com/errata/RHSA-2025:12199

Tue, 29 Jul 2025 14:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
References		https://access.redhat.com/errata/RHSA-2025:12099

Tue, 29 Jul 2025 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:12098

Wed, 23 Jul 2025 07:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:11580

Thu, 10 Jul 2025 03:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9

Wed, 09 Jul 2025 14:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:8::baseos cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2025:10698 https://access.redhat.com/errata/RHSA-2025:10699

Wed, 09 Jul 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:10~~	cpe:/o:redhat:enterprise_linux:10.0
References		https://access.redhat.com/errata/RHSA-2025:10630

Mon, 16 Jun 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Jun 2025 15:45:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Title	libxml: Heap use after free (UAF) leads to Denial of service (DoS)	Libxml: heap use after free (uaf) leads to denial of service (dos)
First Time appeared		Redhat Redhat enterprise Linux Redhat jboss Core Services
CPEs		cpe:/a:redhat:jboss_core_services:1 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat jboss Core Services
References		https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373

Thu, 12 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		libxml: Heap use after free (UAF) leads to Denial of service (DoS)
Weaknesses		CWE-825
References		https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://www.cve.org/CVERecord?id=CVE-2025-49794
Metrics	threat_severity `None`	cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}` threat_severity `Important`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-06-16T15:24:31.020Z

Updated: 2025-10-30T05:42:32.730Z

Reserved: 2025-06-10T22:17:05.286Z

Link: CVE-2025-49794

Vulnrichment

Updated: 2025-06-16T15:50:49.909Z

NVD

Status : Awaiting Analysis

Published: 2025-06-16T16:15:18.997

Modified: 2025-10-30T06:15:44.000

Link: CVE-2025-49794

Redhat

Severity : Important

Publid Date: 2025-06-10T00:00:00Z

Links: CVE-2025-49794 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object