9.1

CVE-2025-49794

Libxml: heap use after free (uaf) leads to denial of service (dos)

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, causing the program that uses libxml to crash or exhibit other undefined behavior.
Data is provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)

| Vendor | Product | Default status | Version | Version < | Status |
|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 | unknown | 0 | V2.17.1 | affected |
| Siemens | RUGGEDCOM ROX MX5000RE | unknown | 0 | V2.17.1 | affected |
| Siemens | RUGGEDCOM ROX RX1400 | unknown | 0 | V2.17.1 | affected |
| Siemens | RUGGEDCOM ROX RX1500 | unknown | 0 | V2.17.1 | affected |
| Siemens | RUGGEDCOM ROX RX1501 | unknown | 0 | V2.17.1 | affected |
| Siemens | RUGGEDCOM ROX RX1510 | unknown | 0 | V2.17.1 | affected |
| Siemens | RUGGEDCOM ROX RX1511 | unknown | 0 | V2.17.1 | affected |
| Siemens | RUGGEDCOM ROX RX1512 | unknown | 0 | V2.17.1 | affected |
| Siemens | RUGGEDCOM ROX RX1524 | unknown | 0 | V2.17.1 | affected |
| Siemens | RUGGEDCOM ROX RX1536 | unknown | 0 | V2.17.1 | affected |
| Siemens | RUGGEDCOM ROX RX5000 | unknown | 0 | V2.17.1 | affected |

No warning was found for this CVE.
EPSS metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.635 |

CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |

CWE-825 Expired Pointer Dereference

The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.