CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.
Analysis
CVE-2025-7424 is a type confusion vulnerability in the libxslt library where the psvi (Post-Schema-Validation Infoset) memory field is reused for both stylesheet and input document processing, enabling memory corruption during XML transformations. This affects any application using vulnerable libxslt versions to process untrusted XML stylesheets or documents, allowing unauthenticated remote attackers to trigger denial of service or memory corruption without requiring user interaction. The vulnerability has a high CVSS score (7.5) with high availability impact, though real-world exploitation probability and active KEV status require confirmation from official sources.
Technical Context
libxslt is a widely-used XSLT processing library that transforms XML documents using XSL stylesheets. The vulnerability stems from CWE-843 (Type Confusion), where the same memory field (psvi) intended for storing Post-Schema-Validation Infoset data is improperly reused across different contexts—both for stylesheet compilation/validation and input document processing. During XML transformations, this field confusion causes the processor to interpret stylesheet-related metadata as input document data or vice versa, leading to type mismatches in memory access patterns. Affected CPE strings typically include cpe:2.4:a:xmlsoft:libxslt (all versions with this vulnerability), commonly distributed with glibc-based Linux distributions, macOS via Homebrew, and embedded in web servers (Apache with mod_xslt), document processors (LibreOffice via its XSLT engine), and enterprise XML platforms.
Affected Products
libxslt library (specific vulnerable versions require vendor advisory confirmation—typically affects multiple point releases across major versions until patched). Affected downstream products include: Apache with mod_xslt, LibreOffice (uses libxslt for XSLT transformations), PHP with xslt extension (php-xslt package), Python lxml library (bindings to libxslt), Java Saxon with libxslt backend, various Linux distributions (Debian, Ubuntu, RHEL, CentOS, Fedora) packaging libxslt. Enterprise products using embedded libxslt include commercial XML processors, EDI translation engines, and document management systems. Exact version ranges and patch availability should be extracted from vendor advisories at xmlsoft.org/XSLT/, respective Linux distribution security trackers, and CVE detail pages referencing official patches.
Remediation
Immediate actions:

1. Identify all systems using libxslt via package managers (`apt list --installed | grep xslt`, `rpm -qa | grep xslt`, `brew list | grep libxslt`) or embedded in applications.
2. Apply vendor-provided patches immediately upon release; monitor xmlsoft.org and your OS vendor's security bulletins for patched libxslt versions.
3. If patches are unavailable, implement compensating controls: restrict XML/XSLT processing to trusted sources only, disable XSLT processing features if not required, and run libxslt-dependent services in restricted containers/sandboxes with resource limits to minimize DoS impact.

Longer-term:

4. Upgrade to patched libxslt versions once available (follow vendor release notes for specific version numbers).
5. Implement input validation and schema enforcement to reject malformed or suspicious XSLT stylesheets before processing.
6. Monitor for publicly disclosed POCs and adjust response priorities accordingly.
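Step (1) above only lists packages; deciding whether an installed build is below the fixed version needs dpkg's ordering rules, which plain string comparison gets wrong for suffixes like `+esm2` or `~rc1`. The following is an added example, not code from vuln.today or the libxslt project: it re-implements the dpkg version comparison and checks `dpkg-query -W 'libxslt*'` output against the fixed versions copied from the Ubuntu/Debian tables below (only releases with a single unambiguous entry are included; the sample output is constructed).

```python
import re
# Added example, not vuln.today's or libxslt's code. Fixed versions copied
# from the Ubuntu/Debian tables on this page (releases with one clear entry).
FIXED_VERSIONS = {
    "focal": "1.1.34-4ubuntu0.20.04.3+esm2",
    "jammy": "1.1.34-4ubuntu0.22.04.5",
    "noble": "1.1.39-0exp1ubuntu0.24.04.3",
    "bullseye": "1.1.34-4+deb11u3",
}

def _order(ch):
    # dpkg ordering: '~' sorts before anything, letters before other symbols.
    if ch == "~":
        return -1
    return 0 if ch.isdigit() else ord(ch) if ch.isalpha() else ord(ch) + 256

def _verrevcmp(a, b):
    # Alternate non-digit and numeric segments, like dpkg's verrevcmp().
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(a[i]) if i < len(a) else 0, _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        na, nb = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        i, j = i + len(na), j + len(nb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def compare_versions(v1, v2):
    """Return <0, 0 or >0 like `dpkg --compare-versions` on epoch:upstream-revision."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        epoch, rest = (epoch, rest) if sep else ("0", v)
        upstream, sep, revision = rest.rpartition("-")
        return int(epoch), upstream if sep else rest, revision if sep else ""
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 - e2) or _verrevcmp(u1, u2) or _verrevcmp(r1, r2)

def vulnerable_packages(dpkg_output, release):
    """List (package, version) for libxslt* entries below the fix; input is `dpkg-query -W 'libxslt*'` text."""
    fixed = FIXED_VERSIONS[release]
    rows = [tuple(l.split()) for l in dpkg_output.splitlines() if len(l.split()) == 2]
    return [(p, v) for p, v in rows if p.startswith("libxslt") and compare_versions(v, fixed) < 0]

# Constructed sample of `dpkg-query -W` output on a focal host, not a real capture.
SAMPLE_FOCAL = ("libxslt1.1\t1.1.34-4ubuntu0.20.04.3+esm1\n"
                "libxml2\t2.9.10+dfsg-5ubuntu0.20.04.7\n")
```

On a real host, pipe the output of `dpkg-query -W 'libxslt*'` into `vulnerable_packages` with the host's release codename; an empty list means every libxslt package is at or above the fixed version.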
Vendor Status
Ubuntu
Priority: Medium

| Release | Status | Version |
|---|---|---|
| bionic | released | 1.1.29-5ubuntu0.3+esm3 |
| focal | released | 1.1.34-4ubuntu0.20.04.3+esm2 |
| jammy | released | 1.1.34-4ubuntu0.22.04.5 |
| noble | released | 1.1.39-0exp1ubuntu0.24.04.3 |
| plucky | released | 1.1.39-0exp1ubuntu4.1 |
| trusty | released | 1.1.28-2ubuntu0.2+esm5 |
| xenial | released | 1.1.28-2.1ubuntu0.3+esm4 |
| upstream | released | 1.1.44,1.1.43-0.1 |
| questing | released | 1.1.43-0.3 |
Debian
Bug #1109123

| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 1.1.34-4+deb11u3 | - |
| bullseye (security) | fixed | 1.1.34-4+deb11u3 | - |
| bookworm, bookworm (security) | fixed | 1.1.35-1+deb12u3 | - |
| trixie (security), trixie | fixed | 1.1.35-1.2+deb13u2 | - |
| forky, sid | fixed | 1.1.43-0.3 | - |
| bookworm | fixed | 1.1.35-1+deb12u2 | - |
| trixie | fixed | 1.1.35-1.2+deb13u1 | - |
| (unstable) | fixed | 1.1.35-2 | - |
EUVD-2025-20995