{ "threat_severity" : "Important", "public_date" : "2025-07-10T00:00:00Z", "bugzilla" : { "description" : "libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes", "id" : "2379228", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2379228" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-843", "details" : [ "A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.", "A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior." ], "statement" : "This type confusion vulnerability in libxslt has been rated as Important due to its potential to corrupt memory and crash applications during XML transformations. The flaw stems from unsafe reuse of the psvi field between stylesheet and input nodes, causing the program to misinterpret internal data types. When malicious XSLT stylesheets are processed, this confusion can lead to memory corruption or denial-of-service. Given libxslt’s widespread use in web browsers, server-side applications, and XML processing pipelines, the impact of this vulnerability can extend to user-facing services and backend systems alike.", "acknowledgement" : "Red Hat would like to thank Ivan Fratric (Google Project Zero) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-07-31T00:00:00Z", "advisory" : "RHBA-2025:12345", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "libxml2-0:2.12.5-8.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-07-31T00:00:00Z", "advisory" : "RHBA-2025:12345", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "libxslt-0:1.1.39-8.el10_0" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:11015", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "libxslt-main-1.1.45-0.1.hum1" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "libxslt", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "libxslt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "libxslt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "libxslt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "rhcos", "cpe" : "cpe:/a:redhat:openshift:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-7424\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-7424\nhttps://gitlab.gnome.org/GNOME/libxslt/-/issues/139" ], "name" : "CVE-2025-7424", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }