What is the CVSS score of CVE-2025-49796?

CVE-2025-49796 has a contested CVSS base score of 9.1 from a third party (e.g. CISA-ADP), while the vendor rates it Critical. vuln.today uses the vendor rating as authoritative.

Is there a public PoC exploit available for CVE-2025-49796?

Yes, a public proof-of-concept exploit is available for CVE-2025-49796. Prioritise patching immediately. EPSS: 0.5%.

How to fix or mitigate CVE-2025-49796?

Within 24 hours: Identify all systems running affected versions of libxml2, RHEL 7-10, OpenShift 4.12-4.20, Ubuntu, or Debian; prioritize internet-facing XML parsers and document processors. Within 7 days: Apply vendor-released patches-Red Hat customers should update to patched libxml2 packages per RHSA advisory and RHEL point releases; Debian/Ubuntu users should pull latest security updates via apt; test patches in non-production first. Within 30 days: Verify all patches deployed via vulnerability scanning; implement input validation for untrusted XML sources; consider disabling schematron processing if unused.

CVE-2025-49796

EUVD-2025-18415 CRITICAL

Out-of-bounds Read (CWE-125)

2025-06-16 secalert@redhat.com

Buffer Overflow Information Disclosure Denial Of Service

Critical

Disputed · 9.1 NVD

Severity by source

Sources disagree (Medium–Critical)

NVD PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Ubuntu

MEDIUM

qualitative

SUSE

CRITICAL

qualitative

Red Hat

9.1 HIGH

qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 19, 2026 - 20:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 19, 2026 - 20:22 vuln.today

cvss_changed

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

PoC Detected

Mar 20, 2026 - 20:16 vuln.today

Public exploit code

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18415

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

CVE Published

Jun 16, 2025 - 16:15 nvd

CRITICAL 9.1

DescriptionCVE.org

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

AnalysisAI

Memory corruption in libxml2's processing of schematron sch:name elements allows remote attackers to trigger crashes or potentially execute code via maliciously crafted XML files. Affects widespread deployments including Red Hat Enterprise Linux 7-10, OpenShift Container Platform 4.12-4.20, Ubuntu, and Debian distributions. CVSS 9.1 critical severity with network-exploitable vector requiring no authentication. Publicly available exploit code exists (POC confirmed). EPSS score of 0.49% suggests relatively low observed exploitation attempts despite critical rating. Not listed in CISA KEV, indicating no confirmed mass exploitation campaigns at time of analysis. Vendor patches available across all affected Red Hat products with specific versions documented.

Technical ContextAI

libxml2 is a widely deployed XML parsing library used across Linux distributions, container platforms, and countless applications for XML processing. This vulnerability stems from CWE-125 (out-of-bounds read) during validation of XML Schema schematron namespace elements. When libxml2 encounters specially crafted sch:name elements during XML parsing, the library performs unsafe memory access operations that corrupt sensitive data structures. The schematron validation feature processes pattern-based constraints in XML schemas, and the flaw in handling sch:name elements creates opportunities for reading beyond allocated buffer boundaries. This memory corruption can manifest as denial of service through crashes, but the CVSS integrity impact rating of HIGH suggests potential for more severe consequences including arbitrary code execution if an attacker can precisely control the corrupted memory regions. The vulnerability affects libxml2 versions prior to 2.12.5 based on the RHEL 10 patch version, with backported fixes applied to earlier 2.9.x branch versions across enterprise distributions.

RemediationAI

Apply vendor-released patches immediately for internet-facing systems processing untrusted XML. Red Hat customers should update libxml2 to patched versions: RHEL 7 to 0:2.9.1-6.el7_9.10, RHEL 8 baseline to 0:2.9.7-21.el8_10.1, RHEL 9 baseline to 0:2.9.13-10.el9_6, RHEL 10 to 0:2.12.5-7.el10_0, with version-specific patches for Extended Update Support and SAP Solutions variants documented in RHSA advisories (access.redhat.com/errata/RHSA-2025:10630 through RHSA-2025:15827). OpenShift Container Platform customers should apply platform-specific updates via operator channels (4.12.86, 4.13.92, 4.14.92, 4.17.94, 4.18.94, 4.19.9.6, 4.20.9.6). Ubuntu users should install updates via USN-7694-1 security notice. Debian users should apply DLA-4251-1 advisory patches. If immediate patching is not feasible, implement XML input validation at application layer to reject documents containing schematron namespace elements (xmlns:sch) as temporary mitigation - note this breaks legitimate schematron-based validation workflows and should only be used as interim control. For containerized deployments, update base images and rebuild containers. Network-level controls provide minimal value given the vulnerability triggers during XML parsing regardless of transport protocol. No workaround exists that preserves full libxml2 schematron functionality without applying vendor patches.

Vendor StatusVendor

Ubuntu

Priority: Medium

libxml2

Release	Status	Version
oracular	ignored	end of life, was needs-triage
bionic	released	2.9.4+dfsg1-6.1ubuntu1.9+esm4
focal	released	2.9.10+dfsg-5ubuntu0.20.04.10+esm1
jammy	released	2.9.13+dfsg-1ubuntu0.8
noble	released	2.9.14+dfsg-1.3ubuntu3.4
plucky	released	2.12.7+dfsg+really2.9.14-0.4ubuntu0.2
trusty	released	2.9.1+dfsg1-3ubuntu4.13+esm8
upstream	released	-
xenial	released	2.9.3+dfsg1-1ubuntu0.7+esm9

USN-7694-1

Debian

Bug #1107752

libxml2

Release	Status	Fixed Version	Urgency
bullseye	fixed	2.9.10+dfsg-6.7+deb11u8	-
bullseye (security)	fixed	2.9.10+dfsg-6.7+deb11u9	-
bookworm	fixed	2.9.14+dfsg-1.3~deb12u3	-
bookworm (security)	fixed	2.9.14+dfsg-1.3~deb12u4	-
trixie	fixed	2.12.7+dfsg+really2.9.14-2.1+deb13u2	-
trixie (security)	fixed	2.12.7+dfsg+really2.9.14-2.1+deb13u1	-
forky, sid	fixed	2.15.1+dfsg-2	-
(unstable)	fixed	2.12.7+dfsg+really2.9.14-2	-

DLA-4251-1

SUSE

Severity: Critical

Product	Status
Container bci/kiwi:9.24.43-16.25 Image SLES15-SP7-SAPCAL-Azure Image SLES15-SP7-SAPCAL-EC2 Image SLES15-SP7-SAPCAL-GCE	Affected
Container bci/spack:0.23.1-11.20 Container containers/lmcache-vllm-openai:0.3.2-1.2 Container containers/open-webui:0.6.9-10.36 Container containers/pytorch:2.7.0-nvidia-2.33 Container containers/vllm-openai:0.9.1-1.2 Container private-registry/harbor-db:2.12.2-2.16 Container private-registry/harbor-nginx:1.21.5-2.15 Container suse/manager/5.0/x86_64/proxy-salt-broker:5.0.5.1.7.28.2 Container suse/manager/5.0/x86_64/proxy-squid:5.0.5.1.7.26.1 Container suse/manager/5.0/x86_64/server-migration-14-16:5.0.5.1.7.26.2 Container suse/mariadb:10.11.11-68.18 Container suse/sle-micro/5.5/toolbox:14.2-3.12.59 Container suse/sle-micro/5.5:2.0.4-5.5.329 Container suse/sle-micro/base-5.5:2.0.4-5.8.185 Container suse/sle-micro/kvm-5.5:2.0.4-3.5.354 Container suse/sle-micro/rt-5.5:2.0.4-4.5.430 Image SLES15-SP5-Azure-3P Image SLES15-SP5-Azure-Basic Image SLES15-SP5-Azure-Standard Image SLES15-SP5-BYOS-Azure Image SLES15-SP5-BYOS-EC2 Image SLES15-SP5-BYOS-GCE Image SLES15-SP5-CHOST-BYOS-Aliyun Image SLES15-SP5-CHOST-BYOS-Azure Image SLES15-SP5-CHOST-BYOS-EC2 Image SLES15-SP5-CHOST-BYOS-GCE Image SLES15-SP5-CHOST-BYOS-GDC Image SLES15-SP5-CHOST-BYOS-SAP-CCloud Image SLES15-SP5-EC2 Image SLES15-SP5-GCE Image SLES15-SP5-HPC-Azure Image SLES15-SP5-HPC-BYOS-Azure Image SLES15-SP5-HPC-BYOS-EC2 Image SLES15-SP5-HPC-BYOS-GCE Image SLES15-SP5-Hardened-BYOS-Azure Image SLES15-SP5-Hardened-BYOS-EC2 Image SLES15-SP5-Hardened-BYOS-GCE Image SLES15-SP6 Image SLES15-SP6-Azure-3P Image SLES15-SP6-Azure-Basic Image SLES15-SP6-Azure-Standard Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-Azure Image SLES15-SP6-BYOS-EC2 Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Aliyun Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Image SLES15-SP6-EC2 Image SLES15-SP6-EC2-ECS-HVM Image SLES15-SP6-GCE Image SLES15-SP6-HPC Image SLES15-SP6-HPC-Azure Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-Azure Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-HPC-GCE Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-Azure Image SLES15-SP6-Hardened-BYOS-EC2 Image SLES15-SP6-Hardened-BYOS-GCE Image ai_15_6	Affected
Container private-registry/harbor-portal:1.1.0-1.1 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:15.7.20.5.1 Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.0.6.27 Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.0.7.32 Container suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.0.6.21 Container suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.0.6.27 Container suse/multi-linux-manager/5.1/x86_64/server-postgresql:5.1.2.6.13.1 Container suse/multi-linux-manager/5.1/x86_64/server-saline:5.1.2.9.13.1 Image SLES15-SP7-Azure-3P Image SLES15-SP7-Azure-Basic Image SLES15-SP7-Azure-Standard Image SLES15-SP7-BYOS-Azure Image SLES15-SP7-BYOS-EC2 Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-EC2 Image SLES15-SP7-EC2-ECS-HVM Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-HPC-Azure Image SLES15-SP7-HPC-BYOS-Azure Image SLES15-SP7-HPC-BYOS-EC2 Image SLES15-SP7-HPC-BYOS-GCE Image SLES15-SP7-Hardened-BYOS-Azure Image SLES15-SP7-Hardened-BYOS-EC2 Image SLES15-SP7-Hardened-BYOS-GCE Image proxy-httpd-image Image proxy-salt-broker-image Image proxy-squid-image Image server-database-migration-image Image server-image Image server-migration-14-16-image Image server-postgresql-image Image server-saline-image	Affected
Container suse/ltss/sle12.5/sles12sp5:8.5.107 Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand	Affected
Container suse/manager/4.3/proxy-httpd:4.3.15.9.63.43 Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE	Affected

CVE-2025-49796 vulnerability details – vuln.today

Back

CVE-2025-49796

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Ubuntu

Debian

SUSE

Share

External POC / Exploit Code