Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-7425

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Published

2025-07-10T14:15:27.877

Last Modified

2025-08-11T15:15:28.383

Status

Undergoing Analysis

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-416

Affected Vendors & Products

References

https://access.redhat.com/errata/RHSA-2025:12447 ([email protected])
https://access.redhat.com/errata/RHSA-2025:12450 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13267 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13308 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13309 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13310 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13311 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13312 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13313 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13314 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13335 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13464 ([email protected])
https://access.redhat.com/errata/RHSA-2025:13622 ([email protected])
https://access.redhat.com/security/cve/CVE-2025-7425 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2379274 ([email protected])
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 ([email protected])
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 (134c704f-9b21-4f2e-91b3-4a467353bcc0)