Description
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Published: 2025-06-16
Score: 9.1 Critical
EPSS: 1.8% Low
KEV: No
Impact: Denial of Service due to memory corruption
Action: Immediate Patch
AI Analysis

Impact

A flaw in libxml2’s handling of certain sch:name elements can corrupt memory. When an attacker supplies a tailored XML file, libxml processes it and may write beyond the bounds of the stack or heap, which causes the library to crash. The resulting denial of service is amplified by the possibility that sensitive data could also be overwritten, potentially exposing confidential information or enabling further exploitation if memory corruption is abused.

Affected Systems

Red Hat customers running libxml2 on multiple Red Hat distributions and products are impacted, including Enterprise Linux 6, 7, 8, 9, 10, the Red Hat Enterprise Linux Extended Update Supports (e.g., 8.2, 8.4, 8.6, 8.8, 9.0, 9.2, 9.4), the Red Hat Hardened Images, RHOSS OpenShift and Serverless components (4.12 through 4.20), Red Hat Discovery, Red Hat Insights Proxy, Red Hat JBoss Core Services, Red Hat Web Terminal (1.11 and 1.12 on RHEL 9), and the cert‑manager operator (1.16). All listed versions are mentioned in the referenced errata.

Risk and Exploitability

The CVSS score of 9.1 classifies this as critical, and the EPSS of 2% indicates a moderate likelihood that exploit code could surface. The vulnerability is not listed in the CISA KEV catalog, but the high CVSS and the impact on core XML processing libraries mean that any service parsing untrusted XML is at risk. The attack path evidently requires the attacker to supply or influence the XML content; once that is done, an out‑of‑bounds read (CWE‑125) leads to a crash, disabling the affected service.

Generated by OpenCVE AI on April 20, 2026 at 16:25 UTC.

Remediation

Vendor Workaround

There's no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.

OpenCVE Recommended Actions

  • Apply the Red Hat errata updates (e.g., RHSA‑2025:10630, RHSA‑2025:10698, RHSA‑2025:10699, etc.) that contain the libxml2 patch for all affected RHEL and OpenShift versions.
  • If an immediate update is not possible, stop processing any XML that arrives from untrusted or external sources, as the workaround states that the only mitigation is to avoid parsing such data.
  • Update deployments or container images that embed libxml2, redeploy services with the patched library, and monitor logs for crashes or abnormal memory usage to confirm the fix.

Generated by OpenCVE AI on April 20, 2026 at 16:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4251-1 libxml2 security update
EUVD EUVD EUVD-2025-18415 A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Ubuntu USN Ubuntu USN USN-7694-1 libxml2 vulnerabilities
References
Link Providers
https://access.redhat.com/errata/RHSA-2025:10630 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10698 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:10699 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:11580 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12098 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12099 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12199 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12237 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12239 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12240 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:12241 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:13267 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:13335 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15397 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15827 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15828 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18217 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18218 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18219 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:18240 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19020 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19041 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19046 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:19894 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:21913 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:0934 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:7519 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-49796 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2372385 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/libxml2/-/issues/933 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-49796 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-49796 cve-icon
History

Sun, 19 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
References

Tue, 14 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird

Fri, 20 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
References

Thu, 22 Jan 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Serverless
CPEs cpe:/a:redhat:openshift_serverless:1.36::el8
Vendors & Products Redhat openshift Serverless
References

Sat, 22 Nov 2025 03:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift File Integrity Operator
CPEs cpe:/a:redhat:openshift_file_integrity_operator:1::el9
Vendors & Products Redhat openshift File Integrity Operator
References

Thu, 13 Nov 2025 10:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Thu, 30 Oct 2025 06:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el9
References

Wed, 29 Oct 2025 12:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.18::el9
References

Mon, 27 Oct 2025 18:00:00 +0000

Type Values Removed Values Added
References

Fri, 24 Oct 2025 00:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el9
References

Wed, 22 Oct 2025 06:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.19::el9
References

Wed, 22 Oct 2025 05:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el9
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4 cpe:/a:redhat:openshift:4.20::el9
References

Thu, 16 Oct 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat cert Manager
CPEs cpe:/a:redhat:cert_manager:1.16::el9
Vendors & Products Redhat cert Manager
References

Wed, 08 Oct 2025 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Wed, 01 Oct 2025 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhivos
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Mon, 15 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:webterminal:1.12::el9
References

Mon, 15 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat webterminal
CPEs cpe:/a:redhat:webterminal:1.11::el9
Vendors & Products Redhat webterminal
References

Tue, 02 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift
CPEs cpe:/a:redhat:openshift:4
Vendors & Products Redhat openshift

Thu, 07 Aug 2025 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat insights Proxy
CPEs cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products Redhat insights Proxy
References

Wed, 06 Aug 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Wed, 30 Jul 2025 09:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/o:redhat:rhel_aus:8.2::baseos
References

Wed, 30 Jul 2025 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_els:7
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Els
References

Wed, 30 Jul 2025 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products Redhat rhel Eus Long Life
References

Tue, 29 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/o:redhat:rhel_e4s:9.2::baseos
References

Tue, 29 Jul 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:rhel_e4s:9.0::baseos
References

Tue, 29 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
References

Wed, 23 Jul 2025 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products Redhat rhel Eus
References

Thu, 10 Jul 2025 03:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9

Wed, 09 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9		 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 09 Jul 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Mon, 16 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Jun 2025 15:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Title libxml: Type confusion leads to Denial of service (DoS) Libxml: type confusion leads to denial of service (dos)
First Time appeared Redhat
Redhat enterprise Linux
Redhat jboss Core Services
CPEs cpe:/a:redhat:jboss_core_services:1
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat jboss Core Services
References

Thu, 12 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title libxml: Type confusion leads to Denial of service (DoS)
Weaknesses CWE-125
References
Metrics threat_severity

None

 cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

threat_severity

Important

Subscriptions

Redhat Cert Manager Discovery Enterprise Linux Hummingbird Insights Proxy Jboss Core Services Openshift Openshift File Integrity Operator Openshift Serverless Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus Webterminal
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-19T19:34:58.936Z

Reserved: 2025-06-10T22:17:05.287Z

Link: CVE-2025-49796

cve-icon Vulnrichment

Updated: 2025-11-03T20:05:26.711Z

cve-icon NVD

Status : Deferred

Published: 2025-06-16T16:15:19.370

Modified: 2026-04-19T20:16:21.710

Link: CVE-2025-49796

cve-icon Redhat

Severity : Important

Publid Date: 2025-06-11T00:00:00Z

Links: CVE-2025-49796 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T16:30:06Z

Weaknesses