CVE-2025-32414

Exploit

EPSS 0.04%
Veröffentlicht 08.04.2025 03:15:15
Zuletzt bearbeitet 23.04.2025 19:09:35
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xmlsoft ≫ Libxml2 Version < 2.13.8

Xmlsoft ≫ Libxml2 Version >= 2.14.0 < 2.14.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.115

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@mitre.org	5.6	1.4	3.7	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

CWE-393 Return of Wrong Status Code

A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result.

https://gitlab.gnome.org/GNOME/libxml2/-/issues/889

Patch

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-32414

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32414

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32414

EUVD