What is the CVSS score of EUVD-2025-18442?

EUVD-2025-18442 has a CVSS 3.1 base score of 2.5 (Low). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Is there a public PoC exploit available for EUVD-2025-18442?

Yes, a public proof-of-concept exploit is available for EUVD-2025-18442. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2025-18442?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

EUVD-2025-18442

| CVE-2025-6170 LOW

Stack-based Buffer Overflow (CWE-121)

2025-06-16 secalert@redhat.com

Buffer Overflow Stack Overflow

2.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

2.5 LOW

AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Ubuntu

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

PoC Detected

Mar 24, 2026 - 05:16 vuln.today

Public exploit code

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18442

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

CVE Published

Jun 16, 2025 - 16:15 nvd

LOW 2.5

DescriptionCVE.org

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

AnalysisAI

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files.

Technical ContextAI

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Stack-based Buffer Overflow (CWE-121).

RemediationAI

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Vendor StatusVendor

Ubuntu

Priority: Medium

libxml2

Release	Status	Version
bionic	released	2.9.4+dfsg1-6.1ubuntu1.9+esm4
focal	released	2.9.10+dfsg-5ubuntu0.20.04.10+esm1
jammy	released	2.9.13+dfsg-1ubuntu0.8
noble	released	2.9.14+dfsg-1.3ubuntu3.4
plucky	released	2.12.7+dfsg+really2.9.14-0.4ubuntu0.2
oracular	ignored	end of life, was needs-triage
trusty	released	2.9.1+dfsg1-3ubuntu4.13+esm8
upstream	released	-
xenial	released	2.9.3+dfsg1-1ubuntu0.7+esm9

USN-7694-1

Debian

Bug #1107938

libxml2

Release	Status	Fixed Version	Urgency
bullseye	fixed	2.9.10+dfsg-6.7+deb11u8	-
bullseye (security)	fixed	2.9.10+dfsg-6.7+deb11u9	-
bookworm	fixed	2.9.14+dfsg-1.3~deb12u3	-
bookworm (security)	fixed	2.9.14+dfsg-1.3~deb12u4	-
trixie	fixed	2.12.7+dfsg+really2.9.14-2.1+deb13u2	-
trixie (security)	fixed	2.12.7+dfsg+really2.9.14-2.1+deb13u1	-
forky, sid	fixed	2.15.1+dfsg-2	-
(unstable)	fixed	2.12.7+dfsg+really2.9.14-2.1	unimportant

DLA-4251-1

EUVD-2025-18442 vulnerability details – vuln.today

Back

EUVD-2025-18442

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code