CVE-2025-49794
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="…"/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < 2.15.0 | affected | ||
| Red Hat | Red Hat Enterprise Linux 10 | 0:2.12.5-7.el10_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 0:2.9.1-6.el7_9.10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:2.9.7-21.el8_10.1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:2.9.7-21.el8_10.1 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 0:2.9.7-9.el8_2.3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 0:2.9.7-9.el8_4.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 0:2.9.7-9.el8_4.6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 0:2.9.7-13.el8_6.10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 0:2.9.7-13.el8_6.10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 0:2.9.7-13.el8_6.10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 0:2.9.7-16.el8_8.9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 0:2.9.7-16.el8_8.9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.9.13-10.el9_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.9.13-10.el9_6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:2.9.13-1.el9_0.5 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:2.9.13-3.el9_2.7 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:2.9.13-10.el9_4 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 412.86.202510291903-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | 413.92.202510150118-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | 414.92.202510211419-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 417.94.202510112152-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | 418.94.202510230424-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.19 | 4.19.9.6.202510140714-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.20 | 4.20.9.6.202509251656-0 < * | unaffected |
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 | 1.11-19 < * | unaffected |
| Red Hat | Red Hat Web Terminal 1.11 on RHEL 9 | 1.11-8 < * | unaffected |
| Red Hat | Red Hat Web Terminal 1.12 on RHEL 9 | 1.12-4 < * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | 1.36.0-11 < * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | 1.36.0-11 < * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | 1.36.0-11 < * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | 1.36.0-10 < * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | 1.36.0-10 < * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | 1.36.0-4 < * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | 1.36.0-9 < * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | 1.36.0-12 < * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | 1.36.0-18 < * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | 1.36.0-11 < * | unaffected |
| Red Hat | RHOSS-1.36-RHEL-8 | 1.36.0-7 < * | unaffected |
| Red Hat | cert-manager operator for Red Hat OpenShift 1.16 | v1.16.5-1760515757 < * | unaffected |
| Red Hat | OpenShift File Integrity Operator - FIO 1 | v1.3 < * | unaffected |
| Red Hat | Red Hat Hardened Images | 2.15.2-0.3.hum1 < * | unaffected |
| Red Hat | Red Hat Insights proxy 1.5 | 1.5.5-1754504343 < * | unaffected |
Weaknesses
- CWE-825: Expired Pointer Dereference
Workarounds
There's no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-577017.html
- https://cert-portal.siemens.com/productcert/html/ssa-253495.html
References
- https://access.redhat.com/errata/RHSA-2025:10630
- https://access.redhat.com/errata/RHSA-2025:10698
- https://access.redhat.com/errata/RHSA-2025:10699
- https://access.redhat.com/errata/RHSA-2025:11580
- https://access.redhat.com/errata/RHSA-2025:12098
- https://access.redhat.com/errata/RHSA-2025:12099
- https://access.redhat.com/errata/RHSA-2025:12199
- https://access.redhat.com/errata/RHSA-2025:12237
- https://access.redhat.com/errata/RHSA-2025:12239
- https://access.redhat.com/errata/RHSA-2025:12240
- https://access.redhat.com/errata/RHSA-2025:12241
- https://access.redhat.com/errata/RHSA-2025:13335
- https://access.redhat.com/errata/RHSA-2025:15397
- https://access.redhat.com/errata/RHSA-2025:15827
- https://access.redhat.com/errata/RHSA-2025:15828
- https://access.redhat.com/errata/RHSA-2025:18217
- https://access.redhat.com/errata/RHSA-2025:18218
- https://access.redhat.com/errata/RHSA-2025:18219
- https://access.redhat.com/errata/RHSA-2025:18240
- https://access.redhat.com/errata/RHSA-2025:19020
- https://access.redhat.com/errata/RHSA-2025:19041
- https://access.redhat.com/errata/RHSA-2025:19046
- https://access.redhat.com/errata/RHSA-2025:19894
- https://access.redhat.com/errata/RHSA-2025:21913
- https://access.redhat.com/errata/RHSA-2026:0934
- https://access.redhat.com/errata/RHSA-2026:7519
- https://access.redhat.com/security/cve/CVE-2025-49794
- https://bugzilla.redhat.com/show_bug.cgi?id=2372373
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.