CVE-2025-7424

Source
https://cve.org/CVERecord?id=CVE-2025-7424
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7424.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-7424
Aliases
Downstream
Related
Published
2025-07-10T14:05:41.808Z
Modified
2026-07-15T01:48:55.310711527Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes
Details

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/7xxx/CVE-2025-7424.json",
    "cwe_ids": [
        "CWE-843"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "1.1.44"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "redhat"
}
References

Affected packages

Git / github.com/gnome/libxml2

Affected ranges

Type
GIT
Repo
https://github.com/gnome/libxml2
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "6.0"
        },
        {
            "last_affected": "6.0"
        }
    ],
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"
}

Affected versions

6.*
6.0
Other
LIBXML2_6_0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7424.json"