CVE-2025-7425— Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

CVSS 7.8 · High EPSS 0.19% · P41 Updated May 01, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-7425

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

释放后使用

Source: NVD (National Vulnerability Database)

Vulnerability Title

Libxslt 资源管理错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Libxslt是Libxslt开源的一个为 GNOME 项目开发的 XSLT C 库。 Libxslt存在安全漏洞，该漏洞源于属性类型atype和标志修改不当，可能导致内存管理损坏和堆损坏。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
GNOME	libxml2	0 ~ 2.15.2	-
Red Hat	Red Hat Enterprise Linux 10	0:2.12.5-8.el10_0 ~ *	`cpe:/o:redhat:enterprise_linux:10.0`
Red Hat	Red Hat Enterprise Linux 10	0:1.1.39-8.el10_0 ~ *	`cpe:/o:redhat:enterprise_linux:10.0`
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	0:2.9.1-6.el7_9.12 ~ *	`cpe:/o:redhat:rhel_els:7`
Red Hat	Red Hat Enterprise Linux 8	0:2.9.7-21.el8_10.2 ~ *	`cpe:/a:redhat:enterprise_linux:8::appstream`
Red Hat	Red Hat Enterprise Linux 8	0:2.9.7-21.el8_10.2 ~ *	`cpe:/a:redhat:enterprise_linux:8::appstream`
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	0:2.9.7-9.el8_2.4 ~ *	`cpe:/a:redhat:rhel_aus:8.2::appstream`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	0:2.9.7-9.el8_4.7 ~ *	`cpe:/a:redhat:rhel_aus:8.4::appstream`
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	0:2.9.7-9.el8_4.7 ~ *	`cpe:/a:redhat:rhel_aus:8.4::appstream`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	0:2.9.7-13.el8_6.11 ~ *	`cpe:/a:redhat:rhel_aus:8.6::appstream`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	0:2.9.7-13.el8_6.11 ~ *	`cpe:/a:redhat:rhel_aus:8.6::appstream`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	0:2.9.7-13.el8_6.11 ~ *	`cpe:/a:redhat:rhel_aus:8.6::appstream`
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	0:2.9.7-16.el8_8.10 ~ *	`cpe:/a:redhat:rhel_e4s:8.8::appstream`
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	0:2.9.7-16.el8_8.10 ~ *	`cpe:/a:redhat:rhel_e4s:8.8::appstream`
Red Hat	Red Hat Enterprise Linux 9	0:2.9.13-11.el9_6 ~ *	`cpe:/a:redhat:enterprise_linux:9::appstream`
Red Hat	Red Hat Enterprise Linux 9	0:2.9.13-11.el9_6 ~ *	`cpe:/a:redhat:enterprise_linux:9::appstream`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	0:2.9.13-1.el9_0.6 ~ *	`cpe:/a:redhat:rhel_e4s:9.0::appstream`
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	0:2.9.13-3.el9_2.8 ~ *	`cpe:/a:redhat:rhel_e4s:9.2::appstream`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	0:2.9.13-11.el9_4 ~ *	`cpe:/a:redhat:rhel_eus:9.4::appstream`
Red Hat	Red Hat OpenShift Container Platform 4.12	412.86.202509030110-0 ~ *	`cpe:/a:redhat:openshift:4.12::el8`
Red Hat	Red Hat OpenShift Container Platform 4.13	413.92.202509030117-0 ~ *	`cpe:/a:redhat:openshift:4.13::el9`
Red Hat	Red Hat OpenShift Container Platform 4.14	414.92.202508270040-0 ~ *	`cpe:/a:redhat:openshift:4.14::el9`
Red Hat	Red Hat OpenShift Container Platform 4.15	415.92.202508192014-0 ~ *	`cpe:/a:redhat:openshift:4.15::el9`
Red Hat	Red Hat OpenShift Container Platform 4.16	416.94.202508261955-0 ~ *	`cpe:/a:redhat:openshift:4.16::el9`
Red Hat	Red Hat OpenShift Container Platform 4.17	417.94.202508141510-0 ~ *	`cpe:/a:redhat:openshift:4.17::el9`
Red Hat	Red Hat OpenShift Container Platform 4.18	418.94.202508261658-0 ~ *	`cpe:/a:redhat:openshift:4.18::el9`
Red Hat	Red Hat OpenShift Container Platform 4.19	4.19.9.6.202508271124-0 ~ *	`cpe:/a:redhat:openshift:4.19::el9`
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	1.11-19 ~ *	`cpe:/a:redhat:webterminal:1.11::el9`
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	1.11-8 ~ *	`cpe:/a:redhat:webterminal:1.11::el9`
Red Hat	Red Hat Web Terminal 1.12 on RHEL 9	1.12-4 ~ *	`cpe:/a:redhat:webterminal:1.12::el9`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-11 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-11 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-11 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-10 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-10 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-4 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-9 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-18 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-11 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-7 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	cert-manager operator for Red Hat OpenShift 1.16	v1.16.5-1760515757 ~ *	`cpe:/a:redhat:cert_manager:1.16::el9`
Red Hat	File Integrity Operator 1	v1.3 ~ *	`cpe:/a:redhat:openshift_file_integrity_operator:1::el9`
Red Hat	OpenShift Compliance Operator 1	1.8.0 ~ *	`cpe:/a:redhat:openshift_compliance_operator:1::el9`
Red Hat	OpenShift Compliance Operator 1	1.8.0 ~ *	`cpe:/a:redhat:openshift_compliance_operator:1::el9`
Red Hat	OpenShift Compliance Operator 1	1.8.0 ~ *	`cpe:/a:redhat:openshift_compliance_operator:1::el9`
Red Hat	Red Hat Discovery 2	2.0.1-1754478727 ~ *	`cpe:/a:redhat:discovery:2::el9`
Red Hat	Red Hat Hardened Images	2.15.3-0.1.hum1 ~ *	`cpe:/a:redhat:hummingbird:1`
Red Hat	Red Hat Insights proxy 1.5	1.5.5-1754504343 ~ *	`cpe:/a:redhat:insights_proxy:1.5::el9`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	rhosdt-3.5-1754559657 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	rhosdt-3.5-1754559845 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	rhosdt-3.5-1754559691 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	rhosdt-3.5-1754559660 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	rhosdt-3.5-1754559663 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	rhosdt-3.5-1754559657 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	rhosdt-3.5-1754569861 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	rhosdt-3.5-1754559846 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	rhosdt-3.5-1754559651 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat Enterprise Linux 6	-	`cpe:/o:redhat:enterprise_linux:6`

II. Public POCs for CVE-2025-7425

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-7425

请登录查看更多情报信息。

https://access.redhat.com/errata/RHSA-2025:21885vendor-advisoryx_refsource_REDHAT
RHSA-2025:14396 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
RHSA-2025:18219 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
RHSA-2025:13312 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
RHSA-2025:13267 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
RHSA-2025:14819 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21913vendor-advisoryx_refsource_REDHAT
RHSA-2025:14059 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2025:12345vendor-advisoryx_refsource_REDHAT
RHSA-2025:14818 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
RHSA-2025:12447 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2025-7425

IV. Related Vulnerabilities

Same product: libxml2

Same vendor: GNOME

Same weakness: CWE-416

V. Comments for CVE-2025-7425

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-7425— Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

I. Basic Information for CVE-2025-7425

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-7425

III. Intelligence Information for CVE-2025-7425

IV. Related Vulnerabilities

V. Comments for CVE-2025-7425

Leave a comment