libxslt Heap Corruption via atype Flag Manipulation
CVE-2025-7425 Published on July 10, 2025

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-7425 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2025-7425. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

Attack Vector:

LOCAL

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

NONE

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2025-7425 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2025-7425

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-7425 are published in these products:

Apple Safari

Apple iOS

Apple iPadOS

Apple macOS

Apple watchOS

Apple tvOS

Apple visionOS

Rhelels 7

Enterpriselinux 8

Rhelaus 8 2

Rhelaus 8 4

Rheleuslonglife 8 4

Rhele4s 8 6

Rhelaus 8 6

Rheltus 8 6

Rhele4s 8 8

Rheltus 8 8

Enterpriselinux 9

Rhele4s 9 0

Rhele4s 9 2

Rheleus 9 4

Openshift 4 12

Openshift 4 14

Openshift 4 15

Openshift 4 16

Openshift 4 17

Openshift 4 18

Openshift 4 19

Discovery 2

Insightsproxy 1 5

Openshiftdistributedtracing 3 5

Enterpriselinux 10

Enterpriselinux 6

Red Hat Rhel Els

Red Hat Enterprise Linux (RHEL)

Red Hat Rhel Aus

Red Hat Rhel Eus Long Life

Red Hat Rhel E4s

Red Hat Rhel Tus

Red Hat Rhel Eus

Red Hat Openshift

Red Hat Webterminal

Red Hat Discovery

Red Hat Insights Proxy

Red Hat Openshift Distributed Tracing

Red Hat Rhivos

Red Hat Cert Manager

Oracle

Red Hat Openshift Compliance Operator

Red Hat Openshift File Integrity Operator

Canonical Ubuntu Linux

Red Hat Openshift Serverless

Affected Versions

GNOME libxml2:

Before 2.15.2 is affected.

Red Hat Enterprise Linux 7 Extended Lifecycle Support:

Version 0:2.9.1-6.el7_9.12 and below * is unaffected.

Red Hat Enterprise Linux 8:

Version 0:2.9.7-21.el8_10.2 and below * is unaffected.

Red Hat Enterprise Linux 8:

Version 0:2.9.7-21.el8_10.2 and below * is unaffected.

Red Hat Enterprise Linux 8.2 Advanced Update Support:

Version 0:2.9.7-9.el8_2.4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support:

Version 0:2.9.7-9.el8_4.7 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On:

Version 0:2.9.7-9.el8_4.7 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support:

Version 0:2.9.7-13.el8_6.11 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Telecommunications Update Service:

Version 0:2.9.7-13.el8_6.11 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions:

Version 0:2.9.7-13.el8_6.11 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Telecommunications Update Service:

Version 0:2.9.7-16.el8_8.10 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions:

Version 0:2.9.7-16.el8_8.10 and below * is unaffected.

Red Hat Enterprise Linux 9:

Version 0:2.9.13-11.el9_6 and below * is unaffected.

Red Hat Enterprise Linux 9:

Version 0:2.9.13-11.el9_6 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions:

Version 0:2.9.13-1.el9_0.6 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions:

Version 0:2.9.13-3.el9_2.8 and below * is unaffected.

Red Hat Enterprise Linux 9.4 Extended Update Support:

Version 0:2.9.13-11.el9_4 and below * is unaffected.

Red Hat OpenShift Container Platform 4.12:

Version 412.86.202509030110-0 and below * is unaffected.

Red Hat OpenShift Container Platform 4.13:

Version 413.92.202509030117-0 and below * is unaffected.

Red Hat OpenShift Container Platform 4.14:

Version 414.92.202508270040-0 and below * is unaffected.

Red Hat OpenShift Container Platform 4.15:

Version 415.92.202508192014-0 and below * is unaffected.

Red Hat OpenShift Container Platform 4.16:

Version 416.94.202508261955-0 and below * is unaffected.

Red Hat OpenShift Container Platform 4.17:

Version 417.94.202508141510-0 and below * is unaffected.

Red Hat OpenShift Container Platform 4.18:

Version 418.94.202508261658-0 and below * is unaffected.

Red Hat OpenShift Container Platform 4.19:

Version 4.19.9.6.202508271124-0 and below * is unaffected.

Red Hat Web Terminal 1.11 on RHEL 9:

Version 1.11-19 and below * is unaffected.

Red Hat Web Terminal 1.11 on RHEL 9:

Version 1.11-8 and below * is unaffected.

Red Hat Web Terminal 1.12 on RHEL 9:

Version 1.12-4 and below * is unaffected.

Red Hat RHOSS-1.36-RHEL-8:

Version 1.36.0-11 and below * is unaffected.

Red Hat RHOSS-1.36-RHEL-8:

Version 1.36.0-11 and below * is unaffected.

Red Hat RHOSS-1.36-RHEL-8:

Version 1.36.0-11 and below * is unaffected.

Red Hat RHOSS-1.36-RHEL-8:

Version 1.36.0-10 and below * is unaffected.

Red Hat RHOSS-1.36-RHEL-8:

Version 1.36.0-10 and below * is unaffected.

Red Hat RHOSS-1.36-RHEL-8:

Version 1.36.0-4 and below * is unaffected.

Red Hat RHOSS-1.36-RHEL-8:

Version 1.36.0-9 and below * is unaffected.

Red Hat RHOSS-1.36-RHEL-8:

Version 1.36.0-12 and below * is unaffected.

Red Hat RHOSS-1.36-RHEL-8:

Version 1.36.0-18 and below * is unaffected.

Red Hat RHOSS-1.36-RHEL-8:

Version 1.36.0-11 and below * is unaffected.

Red Hat RHOSS-1.36-RHEL-8:

Version 1.36.0-7 and below * is unaffected.

cert-manager operator for Red Hat OpenShift 1.16:

Version sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b and below * is unaffected.

Red Hat Compliance Operator 1:

Version sha256:6ab41bd207ae7e33f29adc87e208366472654bb5fb9b1854234cc5674ecc169e and below * is unaffected.

Red Hat Compliance Operator 1:

Version sha256:8294e4b1b531457282270c375f4045ea2baf20a0a8a637006364096a9dec3c41 and below * is unaffected.

Red Hat Compliance Operator 1:

Version sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02 and below * is unaffected.

Red Hat File Integrity Operator 1:

Version sha256:86d2378dea6c26da92e19e1a8dc9c9fb0fa8587fd60f83e6cc4503153e753db9 and below * is unaffected.

Red Hat Discovery 2:

Version sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344 and below * is unaffected.

Red Hat Insights proxy 1.5:

Version sha256:c26d589f12647890b67aaa986f54d3f7c6f7f2563fb5a73f38d559e6138739d7 and below * is unaffected.