CVE-2025-7424

Summary

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

Affected Software

VendorProductVersion RangeStatus
GNOMElibxslt0 < 1.1.44affected
Red HatRed Hat Enterprise Linux 100:2.12.5-8.el10_0 < *unaffected
Red HatRed Hat Enterprise Linux 100:1.1.39-8.el10_0 < *unaffected
Red HatRed Hat Hardened Images1.1.45-0.1.hum1 < *unaffected

Weaknesses

  • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References