CVE-2025-49795

Summary

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

Affected Software

VendorProductVersion RangeStatus
0 < 2.15.0affected
Red HatRed Hat Enterprise Linux 100:2.12.5-7.el10_0 < *unaffected
Red HatRed Hat Hardened Images2.15.2-0.3.hum1 < *unaffected

Weaknesses

  • CWE-825: Expired Pointer Dereference

Workarounds

Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

Additional References

References