Description
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Published: 2025-07-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution / Crash
Action: Apply Updates
AI Analysis

Impact

A heap use‑after‑free flaw exists in libxslt caused by corruption of the attribute type field during XSLT processing. The vulnerability can lead to crashes or, if exploited, to arbitrary heap corruption. The affected memory area is used for ID attribute cleanup. The weakness is enumerated as CWE‑416.

Affected Systems

This vulnerability impacts the libxslt library bundled with GNOME's libxml2 and is present in many Red Hat products, including Red Hat Enterprise Linux releases 6 through 10, the Red Hat OpenShift Container Platform (4.12-4.19), Red Hat OpenShift distributed tracing, the file-integrity operator, the compliance operator, and several Red Hat tools such as the Discovery appliance, Insights proxy, and Web Terminal. All affected systems that invoke libxslt for XSLT transformations, whether in user applications or system services, are susceptible.

Risk and Exploitability

The CVSS score of 7.8 classifies the issue as high severity, while an EPSS score of less than 1% indicates a low probability of active exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread publicly available exploits at the time of analysis. Exploitation requires an attacker to supply malicious XSLT input to a running process that uses libxslt; if successful, the attacker could cause a crash or achieve arbitrary code execution via heap corruption. The likely attack vector is remote or local depending on how the vulnerable XSLT engine is exposed, but the impact is limited to the compromised process.

Generated by OpenCVE AI on April 20, 2026 at 18:06 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Apply the latest Red Hat Security Advisories that update libxslt to the fixed version (e.g., RHSA-2025:13311).
  • For OpenShift clusters, upgrade the underlying RHEL nodes and OpenShift distribution to include the hardened libxslt package.
  • Where possible, restrict or sanitize XSLT input to trusted data sources and avoid processing untrusted XML/XSLT payloads.
  • No workaround that meets Red Hat criteria is available; rely on the official patch.

Generated by OpenCVE AI on April 20, 2026 at 18:06 UTC.

Advisories
Source | ID | Title
Debian DLA | DLA-4319-1 | libxml2 security update
Debian DSA | DSA-5990-1 | libxml2 security update
EUVD | EUVD-2025-20998 | A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Ubuntu USN | USN-7852-1 | libxml2 vulnerability
Ubuntu USN | USN-7852-2 | libxml2 vulnerability
Ubuntu USN | USN-7896-1 | libxml2 vulnerabilities
References
Link
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/30
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/37
http://www.openwall.com/lists/oss-security/2025/07/11/2
https://access.redhat.com/errata/RHBA-2025:12345
https://access.redhat.com/errata/RHSA-2025:12447
https://access.redhat.com/errata/RHSA-2025:12450
https://access.redhat.com/errata/RHSA-2025:13267
https://access.redhat.com/errata/RHSA-2025:13308
https://access.redhat.com/errata/RHSA-2025:13309
https://access.redhat.com/errata/RHSA-2025:13310
https://access.redhat.com/errata/RHSA-2025:13311
https://access.redhat.com/errata/RHSA-2025:13312
https://access.redhat.com/errata/RHSA-2025:13313
https://access.redhat.com/errata/RHSA-2025:13314
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/errata/RHSA-2025:13464
https://access.redhat.com/errata/RHSA-2025:13622
https://access.redhat.com/errata/RHSA-2025:14059
https://access.redhat.com/errata/RHSA-2025:14396
https://access.redhat.com/errata/RHSA-2025:14818
https://access.redhat.com/errata/RHSA-2025:14819
https://access.redhat.com/errata/RHSA-2025:14853
https://access.redhat.com/errata/RHSA-2025:14858
https://access.redhat.com/errata/RHSA-2025:15308
https://access.redhat.com/errata/RHSA-2025:15672
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:18219
https://access.redhat.com/errata/RHSA-2025:21885
https://access.redhat.com/errata/RHSA-2025:21913
https://access.redhat.com/errata/RHSA-2026:0934
https://access.redhat.com/errata/RHSA-2026:11503
https://access.redhat.com/security/cve/CVE-2025-7425
https://bugzilla.redhat.com/show_bug.cgi?id=2379274
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
https://nvd.nist.gov/vuln/detail/CVE-2025-7425
https://www.cve.org/CVERecord?id=CVE-2025-7425
History

Thu, 30 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
References

Wed, 29 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
Title Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

Tue, 14 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Tue, 14 Apr 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird

Thu, 22 Jan 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Serverless
CPEs cpe:/a:redhat:openshift_serverless:1.36::el8
Vendors & Products Redhat openshift Serverless
References

Sat, 22 Nov 2025 03:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift File Integrity Operator
CPEs cpe:/a:redhat:openshift_file_integrity_operator:1::el9
Vendors & Products Redhat openshift File Integrity Operator
References

Thu, 20 Nov 2025 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Compliance Operator
CPEs cpe:/a:redhat:openshift_compliance_operator:1::el9
Vendors & Products Redhat openshift Compliance Operator
References

Tue, 04 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 20:30:00 +0000


Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Thu, 16 Oct 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat cert Manager
CPEs cpe:/a:redhat:cert_manager:1.16::el9
Vendors & Products Redhat cert Manager
References

Wed, 08 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Fri, 03 Oct 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhivos
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Thu, 18 Sep 2025 10:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el9
References

Mon, 15 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:webterminal:1.12::el9
References

Mon, 15 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat webterminal
CPEs cpe:/a:redhat:webterminal:1.11::el9
Vendors & Products Redhat webterminal
References

Thu, 11 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.12::el8
References

Thu, 04 Sep 2025 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el9
cpe:/a:redhat:openshift:4.16::el9
cpe:/a:redhat:openshift:4.18::el9
References

Tue, 02 Sep 2025 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.19::el9
References

Wed, 27 Aug 2025 22:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4 cpe:/a:redhat:openshift:4.15::el9
cpe:/a:redhat:openshift:4.17::el9
References

Mon, 11 Aug 2025 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Distributed Tracing
CPEs cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Vendors & Products Redhat openshift Distributed Tracing
References

Thu, 07 Aug 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els
References

Thu, 07 Aug 2025 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat insights Proxy
Redhat rhel Aus
Redhat rhel Eus
Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:insights_proxy:1.5::el9
cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_aus:8.2::baseos
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_e4s:9.0::baseos
cpe:/o:redhat:rhel_eus:9.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products Redhat insights Proxy
Redhat rhel Aus
Redhat rhel Eus
Redhat rhel Eus Long Life
References

Thu, 07 Aug 2025 05:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_e4s:9.2::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel E4s
Redhat rhel Tus
References

Wed, 06 Aug 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Thu, 31 Jul 2025 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
References

Thu, 31 Jul 2025 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00012}

epss

{'score': 0.00015}


Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00012}


Thu, 10 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 10 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Title libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References

Thu, 10 Jul 2025 12:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
Weaknesses CWE-416
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H'}

threat_severity

Important


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-30T16:05:29.983Z

Reserved: 2025-07-10T08:44:06.287Z

Link: CVE-2025-7425

Vulnrichment

Updated: 2025-11-04T21:14:55.508Z

NVD

Status : Deferred

Published: 2025-07-10T14:15:27.877

Modified: 2026-04-30T16:16:41.023

Link: CVE-2025-7425

Redhat

Severity : Important

Public Date: 2025-07-10T00:00:00Z

Links: CVE-2025-7425 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T18:15:13Z

Weaknesses