CVE-2025-7425

Sažetak

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Reference

https://access.redhat.com/security/cve/CVE-2025-7425
https://bugzilla.redhat.com/show_bug.cgi?id=2379274
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

CVSS

Base:	7.8
Impact:	5.8
Exploitability:	1.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Zadnje važnije ažuriranje

10-07-2025 - 16:15

Objavljeno

10-07-2025 - 14:15