CVE-2025-32414

Exploit

EPSS 0.04%
Published 08.04.2025 03:15:15
Last modified 23.04.2025 19:09:35
Source cve@mitre.org
Teams watchlist Login
Open Login

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Xmlsoft ≫ Libxml2 Version < 2.13.8

Xmlsoft ≫ Libxml2 Version >= 2.14.0 < 2.14.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.115

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@mitre.org	5.6	1.4	3.7	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

CWE-393 Return of Wrong Status Code

A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result.

https://gitlab.gnome.org/GNOME/libxml2/-/issues/889

Patch

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-32414

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32414

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32414

EUVD