Skip to main content

CVE-2025-11731

LOW
Access of Resource Using Incompatible Type (Type Confusion) (CWE-843)
2025-10-14 secalert@redhat.com
3.1
CVSS 3.1 · Vendor: redhat

Severity by source

Vendor (redhat) PRIMARY
3.1 LOW
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Primary rating from Vendor (redhat) · only source for this CVE.

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

DescriptionCVE.org

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

Analysis

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

Share

CVE-2025-11731 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy