CVE-2025-7424

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.
Type Confusion
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
redhatCNA
7.8 HIGH
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
xmlsoftlibxslt
-
redhatopenshift_container_platform
4.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libxslt
bullseye
vulnerable
bullseye (security)
1.1.34-4+deb11u3
fixed
bookworm
1.1.35-1+deb12u3
fixed
bookworm (security)
1.1.35-1+deb12u3
fixed
trixie (security)
1.1.35-1.2+deb13u2
fixed
trixie
1.1.35-1.2+deb13u2
fixed
forky
1.1.43-0.3
fixed
sid
1.1.43-0.3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libxslt
questing
Fixed 1.1.43-0.3
released
plucky
Fixed 1.1.39-0exp1ubuntu4.1
released
noble
Fixed 1.1.39-0exp1ubuntu0.24.04.3
released
jammy
Fixed 1.1.34-4ubuntu0.22.04.5
released
focal
Fixed 1.1.34-4ubuntu0.20.04.3+esm2
released
bionic
Fixed 1.1.29-5ubuntu0.3+esm3
released
xenial
Fixed 1.1.28-2.1ubuntu0.3+esm4
released
trusty
Fixed 1.1.28-2ubuntu0.2+esm5
released
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-7424
https://bugzilla.redhat.com/show_bug.cgi?id=2379228
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/30
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/33
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/37
http://www.openwall.com/lists/oss-security/2025/07/11/2
https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html