CVE-2025-7425

7.8 HIGH

Published: July 10, 2025 Modified: November 22, 2025

Description

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:12447

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:12450

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:13267

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:13308

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:13309

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:13310

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:13311

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:13312

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:13313

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:13314

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:13335

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:13464

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:13622

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:14059

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:14396

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:14818

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:14819

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:14853

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:14858

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:15308

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:15672

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:15827

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:15828

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:18219

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:21885

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:21913

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2025-7425

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2379274

Source: secalert@redhat.com

https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2025/Aug/0

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Jul/30

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Jul/32

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Jul/35

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Jul/37

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/07/11/2

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

37 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.8 / 10.0

EPSS (Exploit Probability)

0.0%

8th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-416

Related CVEs

CVE-2025-69261 N/A

CVE-2025-69257 6.7

CVE-2025-69210 N/A

CVE-2025-66823 N/A

CVE-2025-50343 N/A