A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Fixes

Solution

No solution given by the vendor.


Workaround

There's no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.

History

Mon, 15 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:webterminal:1.12::el9
References

Mon, 15 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat webterminal
CPEs cpe:/a:redhat:webterminal:1.11::el9
Vendors & Products Redhat webterminal
References

Tue, 02 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift
CPEs cpe:/a:redhat:openshift:4
Vendors & Products Redhat openshift

Thu, 07 Aug 2025 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat insights Proxy
CPEs cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products Redhat insights Proxy
References

Wed, 06 Aug 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Wed, 30 Jul 2025 09:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/o:redhat:rhel_aus:8.2::baseos
References

Wed, 30 Jul 2025 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_els:7
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Els
References

Wed, 30 Jul 2025 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products Redhat rhel Eus Long Life
References

Tue, 29 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/o:redhat:rhel_e4s:9.2::baseos
References

Tue, 29 Jul 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:rhel_e4s:9.0::baseos
References

Tue, 29 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
References

Wed, 23 Jul 2025 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products Redhat rhel Eus
References

Thu, 10 Jul 2025 03:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9

Wed, 09 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 09 Jul 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Mon, 16 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Jun 2025 15:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Title libxml: Type confusion leads to Denial of service (DoS) Libxml: type confusion leads to denial of service (dos)
First Time appeared Redhat
Redhat enterprise Linux
Redhat jboss Core Services
CPEs cpe:/a:redhat:jboss_core_services:1
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat jboss Core Services
References

Thu, 12 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title libxml: Type confusion leads to Denial of service (DoS)
Weaknesses CWE-125
References
Metrics threat_severity

None

cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

threat_severity

Important


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-15T17:57:52.455Z

Reserved: 2025-06-10T22:17:05.287Z

Link: CVE-2025-49796

cve-icon Vulnrichment

Updated: 2025-06-16T15:32:58.396Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-16T16:15:19.370

Modified: 2025-09-15T18:15:38.570

Link: CVE-2025-49796

cve-icon Redhat

Severity : Important

Publid Date: 2025-06-11T00:00:00Z

Links: CVE-2025-49796 - Bugzilla

cve-icon OpenCVE Enrichment

No data.