Critical Vulnerability Information Summary

Advisory ID: RHSA-2025:12099
Release Date: 2025-07-29
Update Date: 2025-07-29
Type/Severity: Security Advisory - Important

Subject

Security update for libxml2, applicable to Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Description

Security Fixes:
- CVE-2025-49794: libxml: Use-after-free (UAF) leading to Denial of Service (DoS)
- CVE-2025-49796: libxml2: Type confusion leading to Denial of Service (DoS)
- CVE-2025-6021: libxml2: Integer overflow in xmlBuildQName() causing stack buffer overflow

Solution

Reference Link: How to apply this update

Affected Products

- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixed Issues

- BZ-2372373: CVE-2025-49794 libxml: Use-after-free (UAF) leading to Denial of Service (DoS)
- BZ-2372385: CVE-2025-49796 libxml: Type confusion leading to Denial of Service (DoS)
- BZ-2372406: CVE-2025-6021 libxml2: Integer overflow in xmlBuildQName() causing stack buffer overflow

CVEs

- CVE-2025-6021
- CVE-2025-49794
- CVE-2025-49796

References

- Security Update Classification