CVE-2025-49796

EPSS 0.17%
Published 16.06.2025 15:14:28
Last modified 15.09.2025 18:15:38
Source secalert@redhat.com
Teams watchlist Login
Open Login

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

Affected products Warnungen 0 Metrics 2 CWE 1 References 20

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorRed Hat

≫

Product Red Hat Enterprise Linux 10

Default Statusaffected

Version < *

Version 0:2.12.5-7.el10_0

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 7 Extended Lifecycle Support

Default Statusaffected

Version < *

Version 0:2.9.1-6.el7_9.10

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:2.9.7-21.el8_10.1

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:2.9.7-21.el8_10.1

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version < *

Version 0:2.9.7-9.el8_2.3

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:2.9.7-9.el8_4.6

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Default Statusaffected

Version < *

Version 0:2.9.7-9.el8_4.6

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:2.9.7-13.el8_6.10

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:2.9.7-13.el8_6.10

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.7-13.el8_6.10

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:2.9.7-16.el8_8.9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.7-16.el8_8.9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:2.9.13-10.el9_6

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:2.9.13-10.el9_6

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.13-1.el9_0.5

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:2.9.13-3.el9_2.7

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version < *

Version 0:2.9.13-10.el9_4

Status unaffected

VendorRed Hat

≫

Product Red Hat Web Terminal 1.11 on RHEL 9

Default Statusaffected

Version < *

Version 1.11-19

Status unaffected

VendorRed Hat

≫

Product Red Hat Web Terminal 1.11 on RHEL 9

Default Statusaffected

Version < *

Version 1.11-8

Status unaffected

VendorRed Hat

≫

Product Red Hat Web Terminal 1.12 on RHEL 9

Default Statusaffected

Version < *

Version 1.12-4

Status unaffected

VendorRed Hat

≫

Product Red Hat Discovery 2

Default Statusaffected

Version < *

Version sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344

Status unaffected

VendorRed Hat

≫

Product Red Hat Insights proxy 1.5

Default Statusaffected

Version < *

Version sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 6

Default Statusunknown

VendorRed Hat

≫

Product Red Hat In-Vehicle Operating System 1

Default Statusaffected

VendorRed Hat

≫

Product Red Hat JBoss Core Services

Default Statusaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.388

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2025-49796

https://bugzilla.redhat.com/show_bug.cgi?id=2372385

https://access.redhat.com/errata/RHSA-2025:10630

https://access.redhat.com/errata/RHSA-2025:10698

https://access.redhat.com/errata/RHSA-2025:10699

https://access.redhat.com/errata/RHSA-2025:11580

https://access.redhat.com/errata/RHSA-2025:12098

https://access.redhat.com/errata/RHSA-2025:12099

https://access.redhat.com/errata/RHSA-2025:12199

https://access.redhat.com/errata/RHSA-2025:12239

https://access.redhat.com/errata/RHSA-2025:12240

https://access.redhat.com/errata/RHSA-2025:12241

https://access.redhat.com/errata/RHSA-2025:12237

https://access.redhat.com/errata/RHSA-2025:13267

https://access.redhat.com/errata/RHSA-2025:13335

https://access.redhat.com/errata/RHSA-2025:15828

https://access.redhat.com/errata/RHSA-2025:15827

https://nvd.nist.gov/vuln/detail/CVE-2025-49796

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-49796

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-49796

EUVD