Vulnerability Description
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHBA-2025:12345
- https://access.redhat.com/errata/RHSA-2025:12447
- https://access.redhat.com/errata/RHSA-2025:12450
- https://access.redhat.com/errata/RHSA-2025:13267
- https://access.redhat.com/errata/RHSA-2025:13308
- https://access.redhat.com/errata/RHSA-2025:13309
- https://access.redhat.com/errata/RHSA-2025:13310
- https://access.redhat.com/errata/RHSA-2025:13311
- https://access.redhat.com/errata/RHSA-2025:13312
- https://access.redhat.com/errata/RHSA-2025:13313
- https://access.redhat.com/errata/RHSA-2025:13314
- https://access.redhat.com/errata/RHSA-2025:13335
- https://access.redhat.com/errata/RHSA-2025:13464
- https://access.redhat.com/errata/RHSA-2025:13622
- https://access.redhat.com/errata/RHSA-2025:14059
FAQ
What is CVE-2025-7425?
CVE-2025-7425 is a vulnerability with a CVSS score of 7.8 (HIGH). A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragme...
How severe is CVE-2025-7425?
CVE-2025-7425 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-7425?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.