AI description
CVE-2025-49794 is a use-after-free vulnerability found in libxml2. This vulnerability occurs when parsing XPath elements specifically when the XML schematron contains the `<sch:name path="..." />` schema elements. A malicious actor can exploit this flaw by crafting a malicious XML document, which, when used as input for libxml, can cause the program using libxml2 to crash or exhibit other undefined behaviors.
- Description
- A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
- Source
- secalert@redhat.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
- Severity
- CRITICAL
- secalert@redhat.com
- CWE-825
- Hype score
- Not currently trending
🚨 Critical #libxml2 patch for #openSUSE (CVE-2025-49794 to CVE-2025-6021). DoS/RCE risks! Update via: zypper patch Details: 👉 https://t.co/ispqm7BtNi https://t.co/3R8b5vB5Ak
@Cezar_H_Linux
16 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
5 CVEs in libxml2 https://t.co/nHoIvYT13R CVE-2025-49794: Heap UAF DoS CVE-2025-49795: Null pointer dereference DoS CVE-2025-49796: Type confusion DoS CVE-2025-6021: Integer and Buffer Overflow in xmlBuildQName() CVE-2025-6170: Stack-based Buffer Overflow in xmllint Shell
@oss_security
17 Jun 2025
2650 Impressions
11 Retweets
24 Likes
8 Bookmarks
1 Reply
1 Quote
🚨 New Critical libxml2 Vulnerabilities Open the Door to Remote Attacks 🛡️ Two high-impact flaws in libxml2 (CVE-2025-49796 & CVE-2025-49794) could allow remote attackers to trigger memory corruption or denial of service on Red Hat systems. Read more: https://t.co/yzC
@threatsbank
16 Jun 2025
150 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-49794 A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:na… https://t.co/YsucVZzIBM
@CVEnew
16 Jun 2025
454 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-49794: CRITICAL] Critical use-after-free vulnerability uncovered in libxml2 due to malfunction in parsing XPath elements. Malicious actors can exploit this flaw to crash programs or trigger undefin...#cve,CVE-2025-49794,#cybersecurity https://t.co/akiNIqs7gT https://t.c
@CveFindCom
16 Jun 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes