Skip to main content

Severity by source

Vendor (redhat) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
qualitative
SUSE
HIGH
qualitative
Red Hat
7.5 MEDIUM
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Updated
Apr 19, 2026 - 20:32 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 19, 2026 - 20:22 vuln.today
cvss_changed
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
PoC Detected
Mar 24, 2026 - 12:16 vuln.today
Public exploit code
EUVD ID Assigned
Mar 14, 2026 - 21:20 euvd
EUVD-2025-18175
Analysis Generated
Mar 14, 2026 - 21:20 vuln.today
CVE Published
Jun 12, 2025 - 13:15 nvd
HIGH 7.5

DescriptionCVE.org

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

AnalysisAI

Stack-based buffer overflow in libxml2's xmlBuildQName function allows remote unauthenticated attackers to crash affected systems via crafted XML input. The vulnerability affects libxml2 directly and downstream Red Hat products including OpenShift Container Platform 4.12-4.19, RHEL 7-10, and JBoss Core Services. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N), EPSS 0.75% (73rd percentile), and publicly available exploit code, this represents a moderate real-world risk focused on availability disruption rather than code execution or data compromise.

Technical ContextAI

Libxml2 is a widely-deployed XML parsing library used across Linux distributions and enterprise platforms. The xmlBuildQName function performs qualified name construction during XML processing, combining namespace prefixes and local names into QNames. CWE-190 (integer overflow) occurs when buffer size calculations overflow, causing the function to allocate insufficient stack space. Subsequent operations write beyond the allocated buffer, corrupting stack memory. The vulnerability affects the core libxml2 library (cpe:2.3:a:xmlsoft:libxml2) and propagates to all downstream consumers including Red Hat Enterprise Linux 7/8/9/10, OpenShift Container Platform across multiple major versions (4.12-4.18), and specialized variants like Telecommunications Update Service and Extended Lifecycle Support editions. Ubuntu and Debian have also confirmed impact across multiple releases.

RemediationAI

Apply vendor-released patches immediately for internet-facing systems processing untrusted XML. For Red Hat Enterprise Linux, upgrade libxml2 to fixed versions: RHEL 7 to 0:2.9.1-6.el7_9.10, RHEL 8 to 0:2.9.7-21.el8_10.1 (or version-specific patches per support tier), RHEL 9 to 0:2.9.13-10.el9_6, RHEL 10 to 0:2.12.5-7.el10_0. OpenShift Container Platform administrators should apply platform-specific updates via Red Hat Security Advisories RHSA-2025:12237 through RHSA-2025:13325 matching their cluster version. Ubuntu users should install updates from USN-7694-1, Debian users from DLA-4251-1. If patching cannot be completed immediately, implement compensating controls: restrict XML processing endpoints to authenticated users only (reduces attack surface from AV:N to trusted networks), deploy XML input validation and size limits before libxml2 parsing (blocks oversized crafted inputs but adds processing overhead and may break legitimate large documents), enable application-level request throttling to limit DoS impact (does not prevent exploitation but contains blast radius), and monitor for abnormal process crashes in XML-consuming services. Note that input validation is bypass-prone against novel integer overflow vectors and should be considered temporary mitigation only.

CVE-2016-4658 CRITICAL
9.8 Sep 25

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS befor

CVE-2016-1762 HIGH POC
8.1 Mar 24

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer

CVE-2016-1834 HIGH POC
7.8 May 20

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X b

CVE-2016-1840 HIGH POC
7.8 May 20

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9

CVE-2017-9047 HIGH POC
7.5 May 18

A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. Rated high severity (CVSS 7.5), this vulnerabil

CVE-2016-4447 HIGH POC
7.5 Jun 09

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denia

CVE-2017-16932 HIGH
7.5 Nov 23

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. Rated high severity (CVSS 7.

CVE-2016-4483 HIGH POC
7.5 Apr 11

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial

CVE-2013-1969 HIGH POC
7.5 Apr 25

Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attac

CVE-2016-1839 MEDIUM POC
5.5 May 20

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS befo

CVE-2016-1838 MEDIUM POC
5.5 May 20

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 1

CVE-2017-9048 HIGH POC
7.5 May 18

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. Rated high severity (CVSS 7.5), this

Vendor StatusVendor

Ubuntu

Priority: Medium
libxml2
Release Status Version
bionic released 2.9.4+dfsg1-6.1ubuntu1.9+esm4
focal released 2.9.10+dfsg-5ubuntu0.20.04.10+esm1
jammy released 2.9.13+dfsg-1ubuntu0.8
noble released 2.9.14+dfsg-1.3ubuntu3.4
plucky released 2.12.7+dfsg+really2.9.14-0.4ubuntu0.2
trusty released 2.9.1+dfsg1-3ubuntu4.13+esm8
upstream released -
xenial released 2.9.3+dfsg1-1ubuntu0.7+esm9
oracular ignored end of life, was needs-triage

Debian

Bug #1107720
libxml2
Release Status Fixed Version Urgency
bullseye fixed 2.9.10+dfsg-6.7+deb11u8 -
bullseye (security) fixed 2.9.10+dfsg-6.7+deb11u9 -
bookworm fixed 2.9.14+dfsg-1.3~deb12u3 -
bookworm (security) fixed 2.9.14+dfsg-1.3~deb12u4 -
trixie fixed 2.12.7+dfsg+really2.9.14-2.1+deb13u2 -
trixie (security) fixed 2.12.7+dfsg+really2.9.14-2.1+deb13u1 -
forky, sid fixed 2.15.1+dfsg-2 -
(unstable) fixed 2.12.7+dfsg+really2.9.14-2 -

SUSE

Severity: High
Product Status
Container bci/kiwi:9.24.43-16.25 Image SLES15-SP7-SAPCAL-Azure Image SLES15-SP7-SAPCAL-EC2 Image SLES15-SP7-SAPCAL-GCE Affected
Container bci/spack:0.23.1-11.20 Container containers/lmcache-vllm-openai:0.3.2-1.2 Container containers/open-webui:0.6.9-10.36 Container containers/pytorch:2.7.0-nvidia-2.33 Container containers/vllm-openai:0.9.1-1.2 Container private-registry/harbor-db:2.12.2-2.16 Container private-registry/harbor-nginx:1.21.5-2.15 Container suse/manager/5.0/x86_64/proxy-salt-broker:5.0.5.1.7.28.2 Container suse/manager/5.0/x86_64/proxy-squid:5.0.5.1.7.26.1 Container suse/manager/5.0/x86_64/server-migration-14-16:5.0.5.1.7.26.2 Container suse/mariadb:10.11.11-68.18 Container suse/sle-micro/5.5/toolbox:14.2-3.12.59 Container suse/sle-micro/5.5:2.0.4-5.5.329 Container suse/sle-micro/base-5.5:2.0.4-5.8.185 Container suse/sle-micro/kvm-5.5:2.0.4-3.5.354 Container suse/sle-micro/rt-5.5:2.0.4-4.5.430 Image SLES15-SP5-Azure-3P Image SLES15-SP5-Azure-Basic Image SLES15-SP5-Azure-Standard Image SLES15-SP5-BYOS-Azure Image SLES15-SP5-BYOS-EC2 Image SLES15-SP5-BYOS-GCE Image SLES15-SP5-CHOST-BYOS-Aliyun Image SLES15-SP5-CHOST-BYOS-Azure Image SLES15-SP5-CHOST-BYOS-EC2 Image SLES15-SP5-CHOST-BYOS-GCE Image SLES15-SP5-CHOST-BYOS-GDC Image SLES15-SP5-CHOST-BYOS-SAP-CCloud Image SLES15-SP5-EC2 Image SLES15-SP5-GCE Image SLES15-SP5-HPC-Azure Image SLES15-SP5-HPC-BYOS-Azure Image SLES15-SP5-HPC-BYOS-EC2 Image SLES15-SP5-HPC-BYOS-GCE Image SLES15-SP5-Hardened-BYOS-Azure Image SLES15-SP5-Hardened-BYOS-EC2 Image SLES15-SP5-Hardened-BYOS-GCE Image SLES15-SP6 Image SLES15-SP6-Azure-3P Image SLES15-SP6-Azure-Basic Image SLES15-SP6-Azure-Standard Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-Azure Image SLES15-SP6-BYOS-EC2 Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Aliyun Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Image SLES15-SP6-EC2 Image SLES15-SP6-EC2-ECS-HVM Image SLES15-SP6-GCE Image SLES15-SP6-HPC Image SLES15-SP6-HPC-Azure Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-Azure Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-HPC-GCE Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-Azure Image SLES15-SP6-Hardened-BYOS-EC2 Image SLES15-SP6-Hardened-BYOS-GCE Image ai_15_6 Affected
Container private-registry/harbor-portal:1.1.0-1.1 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:15.7.20.5.1 Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.0.6.27 Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.0.7.32 Container suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.0.6.21 Container suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.0.6.27 Container suse/multi-linux-manager/5.1/x86_64/server-postgresql:5.1.2.6.13.1 Container suse/multi-linux-manager/5.1/x86_64/server-saline:5.1.2.9.13.1 Image SLES15-SP7-Azure-3P Image SLES15-SP7-Azure-Basic Image SLES15-SP7-Azure-Standard Image SLES15-SP7-BYOS-Azure Image SLES15-SP7-BYOS-EC2 Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-EC2 Image SLES15-SP7-EC2-ECS-HVM Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-HPC-Azure Image SLES15-SP7-HPC-BYOS-Azure Image SLES15-SP7-HPC-BYOS-EC2 Image SLES15-SP7-HPC-BYOS-GCE Image SLES15-SP7-Hardened-BYOS-Azure Image SLES15-SP7-Hardened-BYOS-EC2 Image SLES15-SP7-Hardened-BYOS-GCE Image proxy-httpd-image Image proxy-salt-broker-image Image proxy-squid-image Image server-database-migration-image Image server-image Image server-migration-14-16-image Image server-postgresql-image Image server-saline-image Affected
Container suse/ltss/sle12.5/sles12sp5:8.5.107 Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Affected
Container suse/manager/4.3/proxy-httpd:4.3.15.9.63.43 Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE Affected

Share

CVE-2025-6021 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy