CVE-2025-7424

EUVD-2025-20995
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.
Type Confusion
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| redhat | CNA | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score percentile: 60%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| xmlsoft | libxslt | - |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
𝑥 = Vulnerable software versions
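Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| libxslt | bookworm | 1.1.35-1+deb12u3 | fixed |
| libxslt | bookworm (security) | 1.1.35-1+deb12u3 | fixed |
| libxslt | bullseye | | vulnerable |
| libxslt | bullseye (security) | 1.1.34-4+deb11u3 | fixed |
| libxslt | forky | 1.1.43-0.3 | fixed |
| libxslt | sid | 1.1.43-0.3 | fixed |
| libxslt | trixie | 1.1.35-1.2+deb13u2 | fixed |
| libxslt | trixie (security) | 1.1.35-1.2+deb13u2 | fixed |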
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| libxslt | bionic | Fixed 1.1.29-5ubuntu0.3+esm3 | released |
| libxslt | focal | Fixed 1.1.34-4ubuntu0.20.04.3+esm2 | released |
| libxslt | jammy | Fixed 1.1.34-4ubuntu0.22.04.5 | released |
| libxslt | noble | Fixed 1.1.39-0exp1ubuntu0.24.04.3 | released |
| libxslt | plucky | Fixed 1.1.39-0exp1ubuntu4.1 | released |
| libxslt | questing | Fixed 1.1.43-0.3 | released |
| libxslt | trusty | Fixed 1.1.28-2ubuntu0.2+esm5 | released |
| libxslt | xenial | Fixed 1.1.28-2.1ubuntu0.3+esm4 | released |