Vulnerability Description
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xmlsoft | Libxslt | - |
| Redhat | Openshift Container Platform | 4.0 |
| Redhat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHBA-2025:12345
- https://access.redhat.com/errata/RHSA-2026:11015
- https://access.redhat.com/security/cve/CVE-2025-7424Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2379228Issue TrackingThird Party Advisory
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
- http://seclists.org/fulldisclosure/2025/Aug/0
- http://seclists.org/fulldisclosure/2025/Jul/30
- http://seclists.org/fulldisclosure/2025/Jul/32
- http://seclists.org/fulldisclosure/2025/Jul/33
- http://seclists.org/fulldisclosure/2025/Jul/35
- http://seclists.org/fulldisclosure/2025/Jul/37
- http://www.openwall.com/lists/oss-security/2025/07/11/2
- https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html
FAQ
What is CVE-2025-7424?
CVE-2025-7424 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows...
How severe is CVE-2025-7424?
CVE-2025-7424 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-7424?
Check the references section above for vendor advisories and patch information. Affected products include: Xmlsoft Libxslt, Redhat Openshift Container Platform, Redhat Enterprise Linux.