CVE-2025-7425

Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

Description

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

INFO

Published Date :

2025-07-10T13:53:37.295Z

Last Modified :

2026-04-14T21:37:16.749Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2025-7425 vulnerability.

Vendors	Products
Redhat	Cert Manager Discovery Enterprise Linux Hummingbird Insights Proxy Openshift Openshift Compliance Operator Openshift Distributed Tracing Openshift File Integrity Operator Openshift Serverless Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus Webterminal

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-7425.

URL	Resource
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/30
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/37
http://www.openwall.com/lists/oss-security/2025/07/11/2
https://access.redhat.com/errata/RHBA-2025:12345
https://access.redhat.com/errata/RHSA-2025:12447
https://access.redhat.com/errata/RHSA-2025:12450
https://access.redhat.com/errata/RHSA-2025:13267
https://access.redhat.com/errata/RHSA-2025:13308
https://access.redhat.com/errata/RHSA-2025:13309
https://access.redhat.com/errata/RHSA-2025:13310
https://access.redhat.com/errata/RHSA-2025:13311
https://access.redhat.com/errata/RHSA-2025:13312
https://access.redhat.com/errata/RHSA-2025:13313
https://access.redhat.com/errata/RHSA-2025:13314
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/errata/RHSA-2025:13464
https://access.redhat.com/errata/RHSA-2025:13622
https://access.redhat.com/errata/RHSA-2025:14059
https://access.redhat.com/errata/RHSA-2025:14396
https://access.redhat.com/errata/RHSA-2025:14818
https://access.redhat.com/errata/RHSA-2025:14819
https://access.redhat.com/errata/RHSA-2025:14853
https://access.redhat.com/errata/RHSA-2025:14858
https://access.redhat.com/errata/RHSA-2025:15308
https://access.redhat.com/errata/RHSA-2025:15672
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:18219
https://access.redhat.com/errata/RHSA-2025:21885
https://access.redhat.com/errata/RHSA-2025:21913
https://access.redhat.com/errata/RHSA-2026:0934
https://access.redhat.com/security/cve/CVE-2025-7425
https://bugzilla.redhat.com/show_bug.cgi?id=2379274
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
https://nvd.nist.gov/vuln/detail/CVE-2025-7425
https://www.cve.org/CVERecord?id=CVE-2025-7425

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact