CVE-2025-7425 - Vulnerability Details

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Redhat	Discovery Enterprise Linux Insights Proxy Openshift Openshift Distributed Tracing Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus

No data.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:12447
https://access.redhat.com/errata/RHSA-2025:12450
https://access.redhat.com/errata/RHSA-2025:13267
https://access.redhat.com/errata/RHSA-2025:13308
https://access.redhat.com/errata/RHSA-2025:13309
https://access.redhat.com/errata/RHSA-2025:13310
https://access.redhat.com/errata/RHSA-2025:13311
https://access.redhat.com/errata/RHSA-2025:13312
https://access.redhat.com/errata/RHSA-2025:13313
https://access.redhat.com/errata/RHSA-2025:13314
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/errata/RHSA-2025:13464
https://access.redhat.com/errata/RHSA-2025:13622
https://access.redhat.com/errata/RHSA-2025:14059
https://access.redhat.com/errata/RHSA-2025:14396
https://access.redhat.com/security/cve/CVE-2025-7425
https://bugzilla.redhat.com/show_bug.cgi?id=2379274
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://nvd.nist.gov/vuln/detail/CVE-2025-7425
https://www.cve.org/CVERecord?id=CVE-2025-7425

History

Wed, 27 Aug 2025 22:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift:4~~	cpe:/a:redhat:openshift:4.15::el9 cpe:/a:redhat:openshift:4.17::el9
References		https://access.redhat.com/errata/RHSA-2025:14059 https://access.redhat.com/errata/RHSA-2025:14396

Mon, 11 Aug 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Distributed Tracing
CPEs		cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Vendors & Products		Redhat openshift Distributed Tracing
References		https://access.redhat.com/errata/RHSA-2025:13622

Thu, 07 Aug 2025 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:13464

Thu, 07 Aug 2025 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat insights Proxy Redhat rhel Aus Redhat rhel Eus Redhat rhel Eus Long Life
CPEs		cpe:/a:redhat:insights_proxy:1.5::el9 cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_e4s:9.0::baseos cpe:/o:redhat:rhel_eus:9.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products		Redhat insights Proxy Redhat rhel Aus Redhat rhel Eus Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2025:13308 https://access.redhat.com/errata/RHSA-2025:13309 https://access.redhat.com/errata/RHSA-2025:13310 https://access.redhat.com/errata/RHSA-2025:13311 https://access.redhat.com/errata/RHSA-2025:13312 https://access.redhat.com/errata/RHSA-2025:13335

Thu, 07 Aug 2025 05:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_e4s:9.2::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products		Redhat rhel E4s Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:13313 https://access.redhat.com/errata/RHSA-2025:13314

Wed, 06 Aug 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat discovery
CPEs		cpe:/a:redhat:discovery:2::el9
Vendors & Products		Redhat discovery
References		https://access.redhat.com/errata/RHSA-2025:13267

Thu, 31 Jul 2025 16:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2025:12450

Thu, 31 Jul 2025 16:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2025:12447

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00012}`	epss `{'score': 0.00015}`

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics		epss `{'score': 0.00012}`

Thu, 10 Jul 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 10 Jul 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Title	libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr	Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274

Thu, 10 Jul 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
Weaknesses		CWE-416
References		https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://www.cve.org/CVERecord?id=CVE-2025-7425
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H'}` threat_severity `Important`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-07-10T13:53:37.295Z

Updated: 2025-08-27T21:47:32.813Z

Reserved: 2025-07-10T08:44:06.287Z

Link: CVE-2025-7425

Vulnrichment

Updated: 2025-07-10T15:21:22.561Z

NVD

Status : Undergoing Analysis

Published: 2025-07-10T14:15:27.877

Modified: 2025-08-27T22:15:58.397

Link: CVE-2025-7425

Redhat

Severity : Important

Publid Date: 2025-07-10T00:00:00Z

Links: CVE-2025-7425 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object