CVE-2025-7424
Vulnerability
libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes
ecosystem: redhat:6, redhat:7, redhat:8, redhat:9, redhat:10

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2025-7424
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2379228
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2025-7424
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2025-7424
type: vendor
source: secalert@redhat.com
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
Metric | Value
---|---
AV | Local
AC | High
PR | None
UI | None
S | Changed
C | None
I | High
A | High
source: secalert@redhat.com
Access of Resource Using Incompatible Type ('Type Confusion')
source: secalert@redhat.com
published: 2025-07-10 00:00:00
modified: 2025-07-10 14:05:32
Detection
OR
libxslt
package type: source
tag: rhel-10:ee89796e-431f-0310-88ba-ded473ea0387
OR
libxslt
package type: source
tag: rhel-6-els:3ecebd89-8c8d-81fc-8d6c-6a577555e642
OR
libxslt
package type: source
tag: rhel-7-extras-including-unpatched:d25545d1-aa8d-8201-dfa8-afe95b304fcb
OR
libxslt
package type: source
tag: rhel-8-including-unpatched:c617663d-a88d-8230-a24a-0f026fefdcc8
OR
libxslt
package type: source
tag: rhel-9-including-unpatched:ce0d1672-568d-8236-17c4-8587c2fa65a1
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex