Untriaged
Permalink
CVE-2025-7425
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
References
Affected products
rhcos
- *
libxml2
- *
- <2.15.2
libxslt
rhosdt/jaeger-agent-rhel8
- *
rhosdt/jaeger-query-rhel8
- *
rhosdt/jaeger-ingester-rhel8
- *
rhosdt/jaeger-rhel8-operator
- *
rhosdt/jaeger-collector-rhel8
- *
rhosdt/jaeger-operator-bundle
- *
rhosdt/jaeger-all-in-one-rhel8
- *
rhosdt/jaeger-es-rollover-rhel8
- *
discovery/discovery-server-rhel9
- *
rhosdt/jaeger-es-index-cleaner-rhel8
- *
web-terminal/web-terminal-tooling-rhel9
- *
cert-manager/jetstack-cert-manager-rhel9
- *
web-terminal/web-terminal-rhel9-operator
- *
openshift-serverless-1/logic-rhel8-operator
- *
openshift-serverless-1/logic-operator-bundle
- *
registry.redhat.io/rhosdt/jaeger-agent-rhel8
- *
registry.redhat.io/rhosdt/jaeger-query-rhel8
- *
insights-proxy/insights-proxy-container-rhel9
- *
compliance/openshift-compliance-openscap-rhel8
- *
compliance/openshift-compliance-rhel8-operator
- *
openshift-serverless-1/logic-swf-builder-rhel8
- *
openshift-serverless-1/logic-swf-devmode-rhel8
- *
registry.redhat.io/rhosdt/jaeger-ingester-rhel8
- *
registry.redhat.io/rhosdt/jaeger-rhel8-operator
- *
registry.redhat.io/rhosdt/jaeger-collector-rhel8
- *
registry.redhat.io/rhosdt/jaeger-operator-bundle
- *
compliance/openshift-compliance-must-gather-rhel8
- *
registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8
- *
compliance/openshift-file-integrity-rhel8-operator
- *
registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8
- *
openshift-serverless-1/logic-db-migrator-tool-rhel8
- *
registry.redhat.io/discovery/discovery-server-rhel9
- *
openshift-serverless-1/logic-management-console-rhel8
- *
openshift-serverless-1/logic-data-index-ephemeral-rhel8
- *
registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8
- *
openshift-serverless-1/logic-data-index-postgresql-rhel8
- *
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8
- *
openshift-serverless-1/logic-jobs-service-postgresql-rhel8
- *
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8
- *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
- *
Matching in nixpkgs
pkgs.python312Packages.libxslt
C library and tools to do XSL transformations
-
nixos-unstable -
- nixpkgs-unstable 1.1.43
pkgs.python313Packages.libxslt
C library and tools to do XSL transformations
-
nixos-unstable -
- nixpkgs-unstable 1.1.43
Package maintainers
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>