{ "threat_severity" : "Important", "public_date" : "2025-07-10T00:00:00Z", "bugzilla" : { "description" : "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr", "id" : "2379274", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2379274" }, "cvss3" : { "cvss3_base_score" : "7.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-416", "details" : [ "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption." ], "statement" : "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt's xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.", "acknowledgement" : "Red Hat would like to thank Sergei Glazunov (Google Project Zero) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13464", "cpe" : "cpe:/o:redhat:rhel_els:7", "package" : "libxml2-0:2.9.1-6.el7_9.12" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-07-31T00:00:00Z", "advisory" : "RHSA-2025:12450", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "libxml2-0:2.9.7-21.el8_10.2" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-07-31T00:00:00Z", "advisory" : "RHSA-2025:12450", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "libxml2-0:2.9.7-21.el8_10.2" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13308", "cpe" : "cpe:/a:redhat:rhel_aus:8.2", "package" : "libxml2-0:2.9.7-9.el8_2.4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13310", "cpe" : "cpe:/a:redhat:rhel_aus:8.4", "package" : "libxml2-0:2.9.7-9.el8_4.7" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13310", "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4", "package" : "libxml2-0:2.9.7-9.el8_4.7" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13311", "cpe" : "cpe:/a:redhat:rhel_aus:8.6", "package" : "libxml2-0:2.9.7-13.el8_6.11" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13311", "cpe" : "cpe:/a:redhat:rhel_tus:8.6", "package" : "libxml2-0:2.9.7-13.el8_6.11" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13311", "cpe" : "cpe:/a:redhat:rhel_e4s:8.6", "package" : "libxml2-0:2.9.7-13.el8_6.11" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13313", "cpe" : "cpe:/a:redhat:rhel_tus:8.8", "package" : "libxml2-0:2.9.7-16.el8_8.10" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13313", "cpe" : "cpe:/a:redhat:rhel_e4s:8.8", "package" : "libxml2-0:2.9.7-16.el8_8.10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-07-31T00:00:00Z", "advisory" : "RHSA-2025:12447", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "libxml2-0:2.9.13-11.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-07-31T00:00:00Z", "advisory" : "RHSA-2025:12447", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "libxml2-0:2.9.13-11.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13309", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "libxml2-0:2.9.13-1.el9_0.6" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13314", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "libxml2-0:2.9.13-3.el9_2.8" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13312", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "libxml2-0:2.9.13-11.el9_4" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2025-09-11T00:00:00Z", "advisory" : "RHSA-2025:15308", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "rhcos-412.86.202509030110-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2025-09-18T00:00:00Z", "advisory" : "RHSA-2025:15672", "cpe" : "cpe:/a:redhat:openshift:4.13::el9", "package" : "rhcos-413.92.202509030117-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2025-09-04T00:00:00Z", "advisory" : "RHSA-2025:14853", "cpe" : "cpe:/a:redhat:openshift:4.14::el9", "package" : "rhcos-414.92.202508270040-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2025-08-27T00:00:00Z", "advisory" : "RHSA-2025:14396", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "rhcos-415.92.202508192014-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2025-09-04T00:00:00Z", "advisory" : "RHSA-2025:14858", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "rhcos-416.94.202508261955-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-08-27T00:00:00Z", "advisory" : "RHSA-2025:14059", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "rhcos-417.94.202508141510-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-09-04T00:00:00Z", "advisory" : "RHSA-2025:14818", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "rhcos-418.94.202508261658-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.19", "release_date" : "2025-09-02T00:00:00Z", "advisory" : "RHSA-2025:14819", "cpe" : "cpe:/a:redhat:openshift:4.19::el9", "package" : "rhcos-4.19.9.6.202508271124-0" }, { "product_name" : "Red Hat Web Terminal 1.11 on RHEL 9", "release_date" : "2025-09-15T00:00:00Z", "advisory" : "RHSA-2025:15828", "cpe" : "cpe:/a:redhat:webterminal:1.11::el9", "package" : "web-terminal/web-terminal-rhel9-operator:1.11-19" }, { "product_name" : "Red Hat Web Terminal 1.11 on RHEL 9", "release_date" : "2025-09-15T00:00:00Z", "advisory" : "RHSA-2025:15828", "cpe" : "cpe:/a:redhat:webterminal:1.11::el9", "package" : "web-terminal/web-terminal-tooling-rhel9:1.11-8" }, { "product_name" : "Red Hat Web Terminal 1.12 on RHEL 9", "release_date" : "2025-09-15T00:00:00Z", "advisory" : "RHSA-2025:15827", "cpe" : "cpe:/a:redhat:webterminal:1.12::el9", "package" : "web-terminal/web-terminal-tooling-rhel9:1.12-4" }, { "product_name" : "RHOSS-1.36-RHEL-8", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0934", "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8", "package" : "openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.36.0-11" }, { "product_name" : "RHOSS-1.36-RHEL-8", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0934", "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8", "package" : "openshift-serverless-1/logic-data-index-postgresql-rhel8:1.36.0-11" }, { "product_name" : "RHOSS-1.36-RHEL-8", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0934", "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8", "package" : "openshift-serverless-1/logic-db-migrator-tool-rhel8:1.36.0-11" }, { "product_name" : "RHOSS-1.36-RHEL-8", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0934", "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8", "package" : "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.36.0-10" }, { "product_name" : "RHOSS-1.36-RHEL-8", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0934", "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8", "package" : "openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.36.0-10" }, { "product_name" : "RHOSS-1.36-RHEL-8", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0934", "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8", "package" : "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.36.0-4" }, { "product_name" : "RHOSS-1.36-RHEL-8", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0934", "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8", "package" : "openshift-serverless-1/logic-management-console-rhel8:1.36.0-9" }, { "product_name" : "RHOSS-1.36-RHEL-8", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0934", "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8", "package" : "openshift-serverless-1/logic-operator-bundle:1.36.0-12" }, { "product_name" : "RHOSS-1.36-RHEL-8", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0934", "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8", "package" : "openshift-serverless-1/logic-rhel8-operator:1.36.0-18" }, { "product_name" : "RHOSS-1.36-RHEL-8", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0934", "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8", "package" : "openshift-serverless-1/logic-swf-builder-rhel8:1.36.0-11" }, { "product_name" : "RHOSS-1.36-RHEL-8", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:0934", "cpe" : "cpe:/a:redhat:openshift_serverless:1.36::el8", "package" : "openshift-serverless-1/logic-swf-devmode-rhel8:1.36.0-7" }, { "product_name" : "cert-manager operator for Red Hat OpenShift 1.16", "release_date" : "2025-10-16T00:00:00Z", "advisory" : "RHSA-2025:18219", "cpe" : "cpe:/a:redhat:cert_manager:1.16::el9", "package" : "cert-manager/jetstack-cert-manager-rhel9:sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b" }, { "product_name" : "Compliance Operator 1", "release_date" : "2025-11-20T00:00:00Z", "advisory" : "RHSA-2025:21885", "cpe" : "cpe:/a:redhat:openshift_compliance_operator:1::el9", "package" : "compliance/openshift-compliance-must-gather-rhel8:sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498" }, { "product_name" : "Compliance Operator 1", "release_date" : "2025-11-20T00:00:00Z", "advisory" : "RHSA-2025:21885", "cpe" : "cpe:/a:redhat:openshift_compliance_operator:1::el9", "package" : "compliance/openshift-compliance-openscap-rhel8:sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049" }, { "product_name" : "Compliance Operator 1", "release_date" : "2025-11-20T00:00:00Z", "advisory" : "RHSA-2025:21885", "cpe" : "cpe:/a:redhat:openshift_compliance_operator:1::el9", "package" : "compliance/openshift-compliance-rhel8-operator:sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02" }, { "product_name" : "File Integrity Operator 1", "release_date" : "2025-11-21T00:00:00Z", "advisory" : "RHSA-2025:21913", "cpe" : "cpe:/a:redhat:openshift_file_integrity_operator:1::el9", "package" : "compliance/openshift-file-integrity-rhel8-operator:sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605" }, { "product_name" : "Red Hat Discovery 2", "release_date" : "2025-08-06T00:00:00Z", "advisory" : "RHSA-2025:13267", "cpe" : "cpe:/a:redhat:discovery:2::el9", "package" : "discovery/discovery-server-rhel9:sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344" }, { "product_name" : "Red Hat Insights proxy 1.5", "release_date" : "2025-08-07T00:00:00Z", "advisory" : "RHSA-2025:13335", "cpe" : "cpe:/a:redhat:insights_proxy:1.5::el9", "package" : "insights-proxy/insights-proxy-container-rhel9:sha256:c26d589f12647890b67aaa986f54d3f7c6f7f2563fb5a73f38d559e6138739d7" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-08-11T00:00:00Z", "advisory" : "RHSA-2025:13622", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/jaeger-agent-rhel8:sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-08-11T00:00:00Z", "advisory" : "RHSA-2025:13622", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/jaeger-all-in-one-rhel8:sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-08-11T00:00:00Z", "advisory" : "RHSA-2025:13622", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/jaeger-collector-rhel8:sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-08-11T00:00:00Z", "advisory" : "RHSA-2025:13622", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/jaeger-es-index-cleaner-rhel8:sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-08-11T00:00:00Z", "advisory" : "RHSA-2025:13622", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/jaeger-es-rollover-rhel8:sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-08-11T00:00:00Z", "advisory" : "RHSA-2025:13622", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/jaeger-ingester-rhel8:sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-08-11T00:00:00Z", "advisory" : "RHSA-2025:13622", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/jaeger-operator-bundle:sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-08-11T00:00:00Z", "advisory" : "RHSA-2025:13622", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/jaeger-query-rhel8:sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d" }, { "product_name" : "Red Hat OpenShift distributed tracing 3.5.1", "release_date" : "2025-08-11T00:00:00Z", "advisory" : "RHSA-2025:13622", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package" : "rhosdt/jaeger-rhel8-operator:sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "libxslt", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "libxslt", "cpe" : "cpe:/o:redhat:enterprise_linux:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-7425\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-7425\nhttps://gitlab.gnome.org/GNOME/libxslt/-/issues/140" ], "name" : "CVE-2025-7425", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }