A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.

History

Wed, 01 Oct 2025 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhivos
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Wed, 09 Jul 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Mon, 16 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Jun 2025 15:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
Title libxml: Null pointer dereference leads to Denial of service (DoS) Libxml: null pointer dereference leads to denial of service (dos)
First Time appeared Redhat
Redhat enterprise Linux
Redhat jboss Core Services
CPEs cpe:/a:redhat:jboss_core_services:1
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat jboss Core Services
References

Sat, 14 Jun 2025 14:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Thu, 12 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title libxml: Null pointer dereference leads to Denial of service (DoS)
Weaknesses CWE-825
References
Metrics threat_severity

None

cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

threat_severity

Important


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-10-01T00:55:28.772Z

Reserved: 2025-06-10T22:17:05.286Z

Link: CVE-2025-49795

cve-icon Vulnrichment

Updated: 2025-06-16T15:30:31.217Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-16T16:15:19.203

Modified: 2025-07-09T03:15:30.183

Link: CVE-2025-49795

cve-icon Redhat

Severity : Important

Publid Date: 2025-06-11T00:00:00Z

Links: CVE-2025-49795 - Bugzilla

cve-icon OpenCVE Enrichment

No data.