CVE-2025-9714

EUVD-2025-27609
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. The XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting the recursion depth to zero before making potentially recursive calls. When such functions were called recursively, this could allow uncontrolled recursion and lead to a stack overflow. These functions now preserve the recursion depth across recursive calls, allowing the recursion depth to be controlled.
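The defect pattern the description names, reduced to a toy nested-expression walker, as an added illustration that is not libxml2's code: each nested sub-expression re-enters the public entry point, the buggy entry zeroes the depth counter before the call, and the fixed entry preserves it. MAX_DEPTH, the function names and the parenthesised input format are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Toy stand-in for an XPath evaluator. MAX_DEPTH is deliberately tiny so the
 * demonstration never approaches a real stack limit (assumed value). */
#define MAX_DEPTH 5
#define ERR_DEPTH (-1)

typedef struct {
    int depth;   /* current recursion depth, the counter the guard relies on */
} eval_ctx;

typedef int (*entry_fn)(eval_ctx *, const char *, size_t);

/* Core evaluator: each "( ... )" pair is a nested sub-expression, and
 * evaluating it re-enters the public entry point, the same re-entrancy the
 * CVE description mentions. Returns the nesting count, or ERR_DEPTH. */
static int run(eval_ctx *ctx, const char *expr, size_t len, entry_fn entry)
{
    if (len < 2 || expr[0] != '(' || expr[len - 1] != ')')
        return 0;                        /* leaf: nothing more to recurse into */
    if (++ctx->depth > MAX_DEPTH) {      /* the guard that must stay armed */
        ctx->depth--;
        return ERR_DEPTH;
    }
    int inner = entry(ctx, expr + 1, len - 2);   /* re-entrant call */
    ctx->depth--;
    return inner < 0 ? inner : inner + 1;
}

/* Vulnerable pattern: the entry point zeroes the counter before the
 * potentially recursive call, so every re-entry restarts the count and the
 * limit can never trigger no matter how deeply the expression nests. */
static int eval_buggy(eval_ctx *ctx, const char *expr, size_t len)
{
    ctx->depth = 0;
    return run(ctx, expr, len, eval_buggy);
}

/* Fixed pattern: the counter is preserved across re-entrant calls, so depth
 * accumulates and the limit is enforced. */
static int eval_fixed(eval_ctx *ctx, const char *expr, size_t len)
{
    return run(ctx, expr, len, eval_fixed);
}

/* Evaluate a NUL-terminated expression with a fresh context. */
int nesting_buggy(const char *e) { eval_ctx c = {0}; return eval_buggy(&c, e, strlen(e)); }
int nesting_fixed(const char *e) { eval_ctx c = {0}; return eval_fixed(&c, e, strlen(e)); }
```

With the limit at 5, the fixed entry rejects six or more nested levels while the buggy entry accepts any depth, which is the condition that lets a crafted input exhaust the real stack.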
CVSS 3.x Base Score
  Provider:            NIST (Primary)
  Base Score:          6.2 MEDIUM
  Attack Vector:       LOCAL
  Attack Complexity:   LOW
  Privileges Required: NONE
  Vector:              CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
  Percentile: Unknown
Affected Products (NVD)
  Vendor    Product    Version
  xmlsoft   libxml2    x < 2.10.0
  (x = vulnerable software versions)
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
  Vendor    Product                 Version        Source
  Siemens   RUGGEDCOM ROX MX5000    x < V2.17.1    ADP
  Siemens   RUGGEDCOM ROX MX5000RE  x < V2.17.1    ADP
  Siemens   RUGGEDCOM ROX RX1400    x < V2.17.1    ADP
  Siemens   RUGGEDCOM ROX RX1500    x < V2.17.1    ADP
  Siemens   RUGGEDCOM ROX RX1501    x < V2.17.1    ADP
  Siemens   RUGGEDCOM ROX RX1510    x < V2.17.1    ADP
  Siemens   RUGGEDCOM ROX RX1511    x < V2.17.1    ADP
  Siemens   RUGGEDCOM ROX RX1512    x < V2.17.1    ADP
  Siemens   RUGGEDCOM ROX RX1524    x < V2.17.1    ADP
  Siemens   RUGGEDCOM ROX RX1536    x < V2.17.1    ADP
  Siemens   RUGGEDCOM ROX RX5000    x < V2.17.1    ADP
  (x = vulnerable software versions)
Debian Releases
  Product   Codename              Version                                Status
  libxml2   bookworm              2.9.14+dfsg-1.3~deb12u5                fixed
  libxml2   bookworm (security)   -                                      vulnerable
  libxml2   bullseye              -                                      vulnerable
  libxml2   bullseye (security)   2.9.10+dfsg-6.7+deb11u9                fixed
  libxml2   forky                 2.15.2+dfsg-0.1                        fixed
  libxml2   sid                   2.15.2+dfsg-0.1                        fixed
  libxml2   trixie                2.12.7+dfsg+really2.9.14-2.1+deb13u2   fixed
  libxml2   trixie (security)     -                                      vulnerable
openSUSE / SLES Releases
  Product             Release                         Version                 Status
  libxml2-2           SUSE Enterprise Server 12 SP3   2.9.4-46.93.1           fixed
  libxml2-2           SUSE Enterprise Server 15 SP4   2.9.14-150400.5.50.1    fixed
  libxml2-2-32bit     SUSE Enterprise Server 12 SP3   2.9.4-46.93.1           fixed
  libxml2-2-32bit     SUSE Enterprise Server 15 SP4   2.9.14-150400.5.50.1    fixed
  libxml2-devel       SUSE Enterprise Server 15 SP4   2.9.14-150400.5.50.1    fixed
  libxml2-doc         SUSE Enterprise Server 12 SP3   2.9.4-46.93.1           fixed
  libxml2-tools       SUSE Enterprise Server 12 SP3   2.9.4-46.93.1           fixed
  libxml2-tools       SUSE Enterprise Server 15 SP4   2.9.14-150400.5.50.1    fixed
  python-libxml2      SUSE Enterprise Server 12 SP3   2.9.4-46.93.1           fixed
  python3-libxml2     SUSE Enterprise Server 15 SP4   2.9.14-150400.5.50.1    fixed
  python311-libxml2   SUSE Enterprise Server 15 SP4   2.9.14-150400.5.50.1    fixed
Red Hat Enterprise Linux Releases
  Product           Release        Version                Status
  libxml2           RHEL 8         0:2.9.7-21.el8_10.4    fixed
  libxml2           RHEL 8.4 AUS   0:2.9.7-9.el8_4.9      fixed
  libxml2           RHEL 8.6 AUS   0:2.9.7-13.el8_6.13    fixed
  libxml2           RHEL 8.6 E4S   0:2.9.7-13.el8_6.13    fixed
  libxml2           RHEL 8.6 TUS   0:2.9.7-13.el8_6.13    fixed
  libxml2           RHEL 8.8 E4S   0:2.9.7-16.el8_8.13    fixed
  libxml2           RHEL 8.8 TUS   0:2.9.7-16.el8_8.13    fixed
  libxml2           RHEL 9         0:2.9.13-14.el9_7      fixed
  libxml2-devel     RHEL 8         0:2.9.7-21.el8_10.4    fixed
  libxml2-devel     RHEL 8.4 AUS   0:2.9.7-9.el8_4.9      fixed
  libxml2-devel     RHEL 8.6 AUS   0:2.9.7-13.el8_6.13    fixed
  libxml2-devel     RHEL 8.6 E4S   0:2.9.7-13.el8_6.13    fixed
  libxml2-devel     RHEL 8.6 TUS   0:2.9.7-13.el8_6.13    fixed
  libxml2-devel     RHEL 8.8 E4S   0:2.9.7-16.el8_8.13    fixed
  libxml2-devel     RHEL 8.8 TUS   0:2.9.7-16.el8_8.13    fixed
  libxml2-devel     RHEL 9         0:2.9.13-14.el9_7      fixed
  python3-libxml2   RHEL 8         0:2.9.7-21.el8_10.4    fixed
  python3-libxml2   RHEL 8.4 AUS   0:2.9.7-9.el8_4.9      fixed
  python3-libxml2   RHEL 8.6 AUS   0:2.9.7-13.el8_6.13    fixed
  python3-libxml2   RHEL 8.6 E4S   0:2.9.7-13.el8_6.13    fixed
  python3-libxml2   RHEL 8.6 TUS   0:2.9.7-13.el8_6.13    fixed
  python3-libxml2   RHEL 8.8 E4S   0:2.9.7-16.el8_8.13    fixed
  python3-libxml2   RHEL 8.8 TUS   0:2.9.7-16.el8_8.13    fixed
  python3-libxml2   RHEL 9         0:2.9.13-14.el9_7      fixed