libxslt exsltFuncResultComp type confusion may lead to crash
CVE-2025-11731 Published on October 14, 2025
Libxslt: type confusion in exsltfuncresultcompfunction of libxslt
A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.
Vulnerability Analysis
CVE-2025-11731 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is an Object Type Confusion Vulnerability?
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
CVE-2025-11731 has been classified to as an Object Type Confusion vulnerability or weakness.
Products Associated with CVE-2025-11731
stack.watch emails you whenever new vulnerabilities are published in Red Hat Enterprise Linux (RHEL) or Red Hat Openshift. Just hit a watch button to start following.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.