9.1

CVE-2025-49796

EPSS 1.78%
Veröffentlicht 16.06.2025 15:14:28
Zuletzt bearbeitet 12.05.2026 13:17:20
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Libxml: type confusion leads to denial of service (dos)

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 35

CNA 11 VulnDex Vulnerability Enrichment 3

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX MX5000

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX MX5000RE

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1400

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1500

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1501

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1510

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1511

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1512

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1524

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX1536

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM ROX RX5000

Default Statusunknown

Version 0

Version < V2.17.1

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.78%	0.827

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2025-49796

https://bugzilla.redhat.com/show_bug.cgi?id=2372385

https://access.redhat.com/errata/RHSA-2025:10630

https://access.redhat.com/errata/RHSA-2025:10698

https://access.redhat.com/errata/RHSA-2025:10699

https://access.redhat.com/errata/RHSA-2025:11580

https://access.redhat.com/errata/RHSA-2025:12098

https://access.redhat.com/errata/RHSA-2025:12099

https://access.redhat.com/errata/RHSA-2025:12199

https://access.redhat.com/errata/RHSA-2025:12239

https://access.redhat.com/errata/RHSA-2025:12240

https://access.redhat.com/errata/RHSA-2025:12241

https://access.redhat.com/errata/RHSA-2025:12237

https://access.redhat.com/errata/RHSA-2025:13267

https://access.redhat.com/errata/RHSA-2025:13335

https://access.redhat.com/errata/RHSA-2025:15828

https://access.redhat.com/errata/RHSA-2025:15827

https://access.redhat.com/errata/RHSA-2025:18219

https://access.redhat.com/errata/RHSA-2025:15397

https://access.redhat.com/errata/RHSA-2025:18218

https://access.redhat.com/errata/RHSA-2025:18217

https://access.redhat.com/errata/RHSA-2025:18240

https://access.redhat.com/errata/RHSA-2025:19020

https://access.redhat.com/errata/RHSA-2025:19046

https://access.redhat.com/errata/RHSA-2025:19041

https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html

https://access.redhat.com/errata/RHSA-2025:19894

https://access.redhat.com/errata/RHSA-2025:21913

https://access.redhat.com/errata/RHSA-2026:0934

https://gitlab.gnome.org/GNOME/libxml2/-/issues/933

https://access.redhat.com/errata/RHSA-2026:7519

https://cert-portal.siemens.com/productcert/html/ssa-577017.html

https://nvd.nist.gov/vuln/detail/CVE-2025-49796

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-49796

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-49796

EUVD