9.1

CVE-2025-49794

Libxml: heap use after free (uaf) leads to denial of service (dos)

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
Produkt RUGGEDCOM ROX MX5000
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX MX5000RE
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1400
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1500
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1501
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1510
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1511
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1512
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1524
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX1536
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM ROX RX5000
Default Statusunknown
Version 0
Version < V2.17.1
Status affected
HerstellerSiemens
Produkt RUGGEDCOM RST2428P
Default Statusunknown
Version 0
Version < V4.0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.471
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE-825 Expired Pointer Dereference

The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

https://access.redhat.com/security/cve/CVE-2025-49794
https://bugzilla.redhat.com/show_bug.cgi?id=2372373
https://access.redhat.com/errata/RHSA-2025:10630
https://access.redhat.com/errata/RHSA-2025:10698
https://access.redhat.com/errata/RHSA-2025:10699
https://access.redhat.com/errata/RHSA-2025:11580
https://access.redhat.com/errata/RHSA-2025:12098
https://access.redhat.com/errata/RHSA-2025:12099
https://access.redhat.com/errata/RHSA-2025:12199
https://access.redhat.com/errata/RHSA-2025:12239
https://access.redhat.com/errata/RHSA-2025:12240
https://access.redhat.com/errata/RHSA-2025:12241
https://access.redhat.com/errata/RHSA-2025:12237
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:18219
https://access.redhat.com/errata/RHSA-2025:15397
https://access.redhat.com/errata/RHSA-2025:18218
https://access.redhat.com/errata/RHSA-2025:18217
https://access.redhat.com/errata/RHSA-2025:18240
https://access.redhat.com/errata/RHSA-2025:19020
https://access.redhat.com/errata/RHSA-2025:19046
https://access.redhat.com/errata/RHSA-2025:19041
https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html
https://access.redhat.com/errata/RHSA-2025:19894
https://access.redhat.com/errata/RHSA-2025:21913
https://access.redhat.com/errata/RHSA-2026:0934
https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
https://access.redhat.com/errata/RHSA-2026:7519
https://cert-portal.siemens.com/productcert/html/ssa-577017.html
https://cert-portal.siemens.com/productcert/html/ssa-253495.html