Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:

Compact

Detailed

Permalink CVE-2025-7425

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

References

https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
RHSA-2025:15672 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
RHSA-2025:15672 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
RHSA-2025:15672 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
RHSA-2025:15672 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
RHSA-2025:18219 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
RHSA-2025:15672 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
RHSA-2025:18219 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
RHSA-2025:15672 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
RHSA-2025:18219 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
RHSA-2025:15672 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
RHSA-2025:18219 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
RHSA-2025:15672 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
RHSA-2025:18219 vendor-advisory x_refsource_REDHAT
RHSA-2025:21885 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2
https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
RHSA-2025:15672 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
RHSA-2025:18219 vendor-advisory x_refsource_REDHAT
RHSA-2025:21885 vendor-advisory x_refsource_REDHAT
RHSA-2025:21913 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
RHSA-2025:15672 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
RHSA-2025:18219 vendor-advisory x_refsource_REDHAT
RHSA-2025:21885 vendor-advisory x_refsource_REDHAT
RHSA-2025:21913 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2
RHSA-2025:15672 vendor-advisory x_refsource_REDHAT
RHSA-2025:15827 vendor-advisory x_refsource_REDHAT
RHSA-2025:15828 vendor-advisory x_refsource_REDHAT
RHSA-2025:18219 vendor-advisory x_refsource_REDHAT
RHSA-2025:21885 vendor-advisory x_refsource_REDHAT
RHSA-2025:21913 vendor-advisory x_refsource_REDHAT
RHSA-2026:0934 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7425 x_refsource_REDHAT vdb-entry
RHBZ#2379274 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
RHSA-2025:12447 vendor-advisory x_refsource_REDHAT
RHSA-2025:12450 vendor-advisory x_refsource_REDHAT
RHSA-2025:13267 vendor-advisory x_refsource_REDHAT
RHSA-2025:13308 vendor-advisory x_refsource_REDHAT
RHSA-2025:13309 vendor-advisory x_refsource_REDHAT
RHSA-2025:13310 vendor-advisory x_refsource_REDHAT
RHSA-2025:13311 vendor-advisory x_refsource_REDHAT
RHSA-2025:13312 vendor-advisory x_refsource_REDHAT
RHSA-2025:13313 vendor-advisory x_refsource_REDHAT
RHSA-2025:13314 vendor-advisory x_refsource_REDHAT
RHSA-2025:13335 vendor-advisory x_refsource_REDHAT
RHSA-2025:13464 vendor-advisory x_refsource_REDHAT
RHSA-2025:13622 vendor-advisory x_refsource_REDHAT
RHSA-2025:14059 vendor-advisory x_refsource_REDHAT
RHSA-2025:14396 vendor-advisory x_refsource_REDHAT
RHSA-2025:14818 vendor-advisory x_refsource_REDHAT
RHSA-2025:14819 vendor-advisory x_refsource_REDHAT
RHSA-2025:14853 vendor-advisory x_refsource_REDHAT
RHSA-2025:14858 vendor-advisory x_refsource_REDHAT
RHSA-2025:15308 vendor-advisory x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 exploit
https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2

Affected products

rhcos

libxml2

<2.15.2
*

libxslt

rhosdt/jaeger-agent-rhel8

rhosdt/jaeger-query-rhel8

rhosdt/jaeger-ingester-rhel8

rhosdt/jaeger-rhel8-operator

rhosdt/jaeger-collector-rhel8

rhosdt/jaeger-operator-bundle

rhosdt/jaeger-all-in-one-rhel8

rhosdt/jaeger-es-rollover-rhel8

discovery/discovery-server-rhel9

rhosdt/jaeger-es-index-cleaner-rhel8

web-terminal/web-terminal-tooling-rhel9

cert-manager/jetstack-cert-manager-rhel9

web-terminal/web-terminal-rhel9-operator

openshift-serverless-1/logic-rhel8-operator

openshift-serverless-1/logic-operator-bundle

registry.redhat.io/rhosdt/jaeger-agent-rhel8

registry.redhat.io/rhosdt/jaeger-query-rhel8

insights-proxy/insights-proxy-container-rhel9

compliance/openshift-compliance-openscap-rhel8

compliance/openshift-compliance-rhel8-operator

openshift-serverless-1/logic-swf-builder-rhel8

openshift-serverless-1/logic-swf-devmode-rhel8

registry.redhat.io/rhosdt/jaeger-ingester-rhel8

registry.redhat.io/rhosdt/jaeger-rhel8-operator

registry.redhat.io/rhosdt/jaeger-collector-rhel8

registry.redhat.io/rhosdt/jaeger-operator-bundle

compliance/openshift-compliance-must-gather-rhel8

registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8

compliance/openshift-file-integrity-rhel8-operator

registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8

openshift-serverless-1/logic-db-migrator-tool-rhel8

registry.redhat.io/discovery/discovery-server-rhel9

openshift-serverless-1/logic-management-console-rhel8

openshift-serverless-1/logic-data-index-ephemeral-rhel8

registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8

openshift-serverless-1/logic-data-index-postgresql-rhel8

openshift-serverless-1/logic-jobs-service-ephemeral-rhel8

openshift-serverless-1/logic-jobs-service-postgresql-rhel8

openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8

registry.redhat.io/insights-proxy/insights-proxy-container-rhel9

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

nixos-unstable -
- nixpkgs-unstable 1.1.43

pkgs.python312Packages.libxslt

C library and tools to do XSL transformations

nixos-unstable -
- nixpkgs-unstable 1.1.43

pkgs.python313Packages.libxslt

C library and tools to do XSL transformations

nixos-unstable -
- nixpkgs-unstable 1.1.43

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>

Permalink CVE-2025-6395

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): HIGH

created 6 months ago

Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.

References

RHBZ#2376755 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
http://www.openwall.com/lists/oss-security/2025/07/11/3
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17181 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
http://www.openwall.com/lists/oss-security/2025/07/11/3
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17181 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
RHSA-2025:22529 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-6395 x_refsource_REDHAT vdb-entry
RHBZ#2376755 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
http://www.openwall.com/lists/oss-security/2025/07/11/3

Affected products

rhcos

gnutls

libgnutls

<3.8.10

rhceph/rhceph-7-rhel9

discovery/discovery-ui-rhel9

insights-proxy/insights-proxy-container-rhel9

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable -
- nixpkgs-unstable 3.8.10

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable -
- nixpkgs-unstable 5.0.1

pkgs.python312Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable -
- nixpkgs-unstable python3-gnutls-3.1.10

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable -
- nixpkgs-unstable python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>

Permalink CVE-2025-7424

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

References

https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/33
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/33
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2
https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/33
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2
https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2
https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/33
https://access.redhat.com/security/cve/CVE-2025-7424 x_refsource_REDHAT vdb-entry
RHBZ#2379228 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/37
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/33
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/30
http://www.openwall.com/lists/oss-security/2025/07/11/2

Affected products

rhcos

libxslt

<1.1.44

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

nixos-unstable -
- nixpkgs-unstable 1.1.43

pkgs.python312Packages.libxslt

C library and tools to do XSL transformations

nixos-unstable -
- nixpkgs-unstable 1.1.43

pkgs.python313Packages.libxslt

C library and tools to do XSL transformations

nixos-unstable -
- nixpkgs-unstable 1.1.43

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>

Permalink CVE-2025-32990

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

Gnutls: vulnerability in gnutls certtool template parsing

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

References

https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
http://www.openwall.com/lists/oss-security/2025/07/11/3
RHBZ#2359620 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17181 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
http://www.openwall.com/lists/oss-security/2025/07/11/3
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17181 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
RHSA-2025:22529 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32990 x_refsource_REDHAT vdb-entry
RHBZ#2359620 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
http://www.openwall.com/lists/oss-security/2025/07/11/3

Affected products

rhcos

gnutls

libgnutls

<3.8.10

rhceph/rhceph-7-rhel9

discovery/discovery-ui-rhel9

insights-proxy/insights-proxy-container-rhel9

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable -
- nixpkgs-unstable 3.8.10

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable -
- nixpkgs-unstable 5.0.1

pkgs.python312Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable -
- nixpkgs-unstable python3-gnutls-3.1.10

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable -
- nixpkgs-unstable python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>

Permalink CVE-2025-32988

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): HIGH

created 6 months ago

Gnutls: vulnerability in gnutls othername san export

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

References

https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2025/07/11/3
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17181 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
http://www.openwall.com/lists/oss-security/2025/07/11/3
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17181 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
http://www.openwall.com/lists/oss-security/2025/07/11/3
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17181 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:17415 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
RHSA-2025:22529 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32988 x_refsource_REDHAT vdb-entry
RHBZ#2359622 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html
http://www.openwall.com/lists/oss-security/2025/07/11/3

Affected products

rhcos

gnutls

libgnutls

<3.8.10

rhceph/rhceph-7-rhel9

discovery/discovery-ui-rhel9

insights-proxy/insights-proxy-container-rhel9

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable -
- nixpkgs-unstable 3.8.10

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable -
- nixpkgs-unstable 5.0.1

pkgs.python312Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable -
- nixpkgs-unstable python3-gnutls-3.1.10

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable -
- nixpkgs-unstable python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>

Permalink CVE-2025-32989

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 6 months ago

Gnutls: vulnerability in gnutls sct extension parsing

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

References

https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
RHBZ#2359621 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHBZ#2359621 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2025/07/11/3
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17181 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2025/07/11/3
RHSA-2025:19088 vendor-advisory x_refsource_REDHAT
RHSA-2025:22529 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-32989 x_refsource_REDHAT vdb-entry
RHBZ#2359621 issue-tracking x_refsource_REDHAT
RHSA-2025:16115 vendor-advisory x_refsource_REDHAT
RHSA-2025:16116 vendor-advisory x_refsource_REDHAT
RHSA-2025:17181 vendor-advisory x_refsource_REDHAT
RHSA-2025:17348 vendor-advisory x_refsource_REDHAT
RHSA-2025:17361 vendor-advisory x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2025/07/11/3

Affected products

rhcos

gnutls

libgnutls

<3.8.10

rhceph/rhceph-7-rhel9

discovery/discovery-ui-rhel9

insights-proxy/insights-proxy-container-rhel9

Matching in nixpkgs

pkgs.gnutls

GNU Transport Layer Security Library

nixos-unstable -
- nixpkgs-unstable 3.8.10

pkgs.guile-gnutls

Guile bindings for GnuTLS library

nixos-unstable -
- nixpkgs-unstable 5.0.1

pkgs.python312Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable -
- nixpkgs-unstable python3-gnutls-3.1.10

pkgs.python313Packages.python3-gnutls

Python wrapper for the GnuTLS library

nixos-unstable -
- nixpkgs-unstable python3-gnutls-3.1.10

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@foo-dogsquared Gabriel Arazas <foodogsquared@foodogsquared.one>
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>

Permalink CVE-2025-0928

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Arbitrary executable upload via authenticated endpoint

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.

References

https://github.com/juju/juju/security/advisories/GHSA-4vc8-wvhw-m5gv

Affected products

juju

<3.6.8
<2.9.52

Matching in nixpkgs

pkgs.juju

Open source modelling tool for operating software in the cloud

nixos-unstable -
- nixpkgs-unstable 3.6.9

pkgs.jujutsu

Git-compatible DVCS that is both simple and powerful

nixos-unstable -
- nixpkgs-unstable 0.33.0

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

nixos-unstable -
- nixpkgs-unstable 0.2

Package maintainers

@RealityAnomaly Alex Zero <alex@arctarus.co.uk>
@emilazy Emily <nixpkgs@emily.moe>
@thoughtpolice Austin Seipp <aseipp@pobox.com>
@0x4A6F Joachim Ernst <mail-maintainer@0x4A6F.dev>
@bbigras Bruno Bigras <bigras.bruno@gmail.com>

Permalink CVE-2025-53513

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Zip slip vulnerability in Juju

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.

References

Affected products

juju

<3.6.8
<2.9.52

Matching in nixpkgs

pkgs.juju

Open source modelling tool for operating software in the cloud

nixos-unstable -
- nixpkgs-unstable 3.6.9

pkgs.jujutsu

Git-compatible DVCS that is both simple and powerful

nixos-unstable -
- nixpkgs-unstable 0.33.0

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

nixos-unstable -
- nixpkgs-unstable 0.2

Package maintainers

@RealityAnomaly Alex Zero <alex@arctarus.co.uk>
@emilazy Emily <nixpkgs@emily.moe>
@thoughtpolice Austin Seipp <aseipp@pobox.com>
@0x4A6F Joachim Ernst <mail-maintainer@0x4A6F.dev>
@bbigras Bruno Bigras <bigras.bruno@gmail.com>

Permalink CVE-2025-53512

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 6 months ago

Sensitive log retrieval in Juju

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

References

https://github.com/juju/juju/security/advisories/GHSA-r64v-82fh-xc63

Affected products

juju

<3.6.8
<2.9.52

Matching in nixpkgs

pkgs.juju

Open source modelling tool for operating software in the cloud

nixos-unstable -
- nixpkgs-unstable 3.6.9

pkgs.jujutsu

Git-compatible DVCS that is both simple and powerful

nixos-unstable -
- nixpkgs-unstable 0.33.0

pkgs.jujuutils

Utilities around FireWire devices connected to a Linux computer

nixos-unstable -
- nixpkgs-unstable 0.2

Package maintainers

@RealityAnomaly Alex Zero <alex@arctarus.co.uk>
@emilazy Emily <nixpkgs@emily.moe>
@thoughtpolice Austin Seipp <aseipp@pobox.com>
@0x4A6F Joachim Ernst <mail-maintainer@0x4A6F.dev>
@bbigras Bruno Bigras <bigras.bruno@gmail.com>

Permalink CVE-2025-5987

5.0 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

Libssh: invalid return code for chacha20 poly1305 with openssl backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

References

https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
RHSA-2025:23483 vendor-advisory x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
RHSA-2025:23483 vendor-advisory x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
RHSA-2026:0427 vendor-advisory x_refsource_REDHAT
RHSA-2026:0428 vendor-advisory x_refsource_REDHAT
RHSA-2026:0430 vendor-advisory x_refsource_REDHAT
RHSA-2026:0431 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
RHSA-2025:23483 vendor-advisory x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
RHSA-2026:0428 vendor-advisory x_refsource_REDHAT
RHSA-2026:0430 vendor-advisory x_refsource_REDHAT
RHSA-2026:0431 vendor-advisory x_refsource_REDHAT
RHSA-2026:0702 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
RHSA-2025:23483 vendor-advisory x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
RHSA-2026:0427 vendor-advisory x_refsource_REDHAT
RHSA-2025:23483 vendor-advisory x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
RHSA-2026:0427 vendor-advisory x_refsource_REDHAT
RHSA-2026:0428 vendor-advisory x_refsource_REDHAT
RHSA-2026:0430 vendor-advisory x_refsource_REDHAT
RHSA-2026:0431 vendor-advisory x_refsource_REDHAT
RHSA-2026:0702 vendor-advisory x_refsource_REDHAT
RHSA-2026:0978 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
RHSA-2025:23483 vendor-advisory x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
RHSA-2026:0427 vendor-advisory x_refsource_REDHAT
RHSA-2026:0428 vendor-advisory x_refsource_REDHAT
RHSA-2026:0430 vendor-advisory x_refsource_REDHAT
RHSA-2026:0431 vendor-advisory x_refsource_REDHAT
RHSA-2026:0702 vendor-advisory x_refsource_REDHAT
RHSA-2026:0978 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
RHSA-2026:0702 vendor-advisory x_refsource_REDHAT
RHSA-2026:0978 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
RHSA-2025:23483 vendor-advisory x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
RHSA-2026:0427 vendor-advisory x_refsource_REDHAT
RHSA-2026:0428 vendor-advisory x_refsource_REDHAT
RHSA-2026:0430 vendor-advisory x_refsource_REDHAT
RHSA-2026:0431 vendor-advisory x_refsource_REDHAT
RHSA-2025:23483 vendor-advisory x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
RHSA-2026:0427 vendor-advisory x_refsource_REDHAT
RHSA-2026:0428 vendor-advisory x_refsource_REDHAT
RHSA-2026:0430 vendor-advisory x_refsource_REDHAT
RHSA-2026:0431 vendor-advisory x_refsource_REDHAT
RHSA-2026:0702 vendor-advisory x_refsource_REDHAT
RHSA-2026:0978 vendor-advisory x_refsource_REDHAT
RHSA-2026:0985 vendor-advisory x_refsource_REDHAT
RHSA-2026:0996 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
RHSA-2025:23483 vendor-advisory x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
RHSA-2026:0427 vendor-advisory x_refsource_REDHAT
RHSA-2026:0428 vendor-advisory x_refsource_REDHAT
RHSA-2026:0430 vendor-advisory x_refsource_REDHAT
RHSA-2026:0431 vendor-advisory x_refsource_REDHAT
RHSA-2026:0702 vendor-advisory x_refsource_REDHAT
RHSA-2026:0978 vendor-advisory x_refsource_REDHAT
RHSA-2026:0980 vendor-advisory x_refsource_REDHAT
RHSA-2026:0985 vendor-advisory x_refsource_REDHAT
RHSA-2026:0996 vendor-advisory x_refsource_REDHAT
RHSA-2026:0431 vendor-advisory x_refsource_REDHAT
RHSA-2026:0702 vendor-advisory x_refsource_REDHAT
RHSA-2026:0978 vendor-advisory x_refsource_REDHAT
RHSA-2026:0980 vendor-advisory x_refsource_REDHAT
RHSA-2026:0985 vendor-advisory x_refsource_REDHAT
RHSA-2026:0996 vendor-advisory x_refsource_REDHAT
RHSA-2026:1539 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT
RHSA-2025:23483 vendor-advisory x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
RHSA-2026:0427 vendor-advisory x_refsource_REDHAT
RHSA-2026:0428 vendor-advisory x_refsource_REDHAT
RHSA-2026:0430 vendor-advisory x_refsource_REDHAT
RHSA-2025:23483 vendor-advisory x_refsource_REDHAT
RHSA-2025:23484 vendor-advisory x_refsource_REDHAT
RHSA-2026:0427 vendor-advisory x_refsource_REDHAT
RHSA-2026:0428 vendor-advisory x_refsource_REDHAT
RHSA-2026:0430 vendor-advisory x_refsource_REDHAT
RHSA-2026:0431 vendor-advisory x_refsource_REDHAT
RHSA-2026:0702 vendor-advisory x_refsource_REDHAT
RHSA-2026:0978 vendor-advisory x_refsource_REDHAT
RHSA-2026:0980 vendor-advisory x_refsource_REDHAT
RHSA-2026:0985 vendor-advisory x_refsource_REDHAT
RHSA-2026:0996 vendor-advisory x_refsource_REDHAT
RHSA-2026:1539 vendor-advisory x_refsource_REDHAT
RHSA-2026:1541 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
RHBZ#2376219 issue-tracking x_refsource_REDHAT