CVE-2025-6170 — LOW (2.5) — White Hats Nepal

Vulnerability Description

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

CVSS Score

2.5

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Redhat	Jboss Core Services	-
Redhat	Openshift Container Platform	4.0
Redhat	Enterprise Linux	6.0
Xmlsoft	Libxml2	-

Related Weaknesses (CWE)

CWE-121

References

https://access.redhat.com/errata/RHSA-2026:7519
https://access.redhat.com/security/cve/CVE-2025-6170MitigationThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2372952Issue TrackingThird Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/-/issues/941
https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html

FAQ

What is CVE-2025-6170?

CVE-2025-6170 is a vulnerability with a CVSS score of 2.5 (LOW). A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, w...

How severe is CVE-2025-6170?

CVE-2025-6170 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-6170?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Core Services, Redhat Openshift Container Platform, Redhat Enterprise Linux, Xmlsoft Libxml2.