CVE-2025-6021 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2025-6021?

CVE-2025-6021 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-6021?

Check the references section above for vendor advisories and patch information. Affected products include: Xmlsoft Libxml2, Redhat Jboss Core Services, Redhat Openshift Container Platform, Redhat Openshift Container Platform For Arm64, Redhat Openshift Container Platform For Ibm Z.

Vulnerability Description

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Xmlsoft	Libxml2	< 2.14.4
Redhat	Jboss Core Services	-
Redhat	Openshift Container Platform	4.12
Redhat	Openshift Container Platform For Arm64	4.13
Redhat	Openshift Container Platform For Ibm Z	4.13
Redhat	Openshift Container Platform For Linuxone	4.13
Redhat	Openshift Container Platform For Power	4.13
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Eus	8.4
Redhat	Enterprise Linux For Arm 64	8.0_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.4_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.0_s390x
Redhat	Enterprise Linux For Power Little Endian	8.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.4_ppc64le
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.4_ppc64le
Redhat	Enterprise Linux Server Tus	8.8
Redhat	In-Vehicle Operating System	1.0

Related Weaknesses (CWE)

CWE-787

References

https://access.redhat.com/errata/RHSA-2025:10630Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:10698Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:10699Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:11580Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:11673
https://access.redhat.com/errata/RHSA-2025:12098Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12099Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12199Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12237Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12239Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12240Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12241Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:13267Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:13289Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:13325Third Party Advisory

FAQ

What is CVE-2025-6021?

CVE-2025-6021 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a den...

How severe is CVE-2025-6021?

CVE-2025-6021 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-6021?

Check the references section above for vendor advisories and patch information. Affected products include: Xmlsoft Libxml2, Redhat Jboss Core Services, Redhat Openshift Container Platform, Redhat Openshift Container Platform For Arm64, Redhat Openshift Container Platform For Ibm Z.