CVE-2025-6021

Medienbericht

Exploit

EPSS 0.61%
Veröffentlicht 12.06.2025 12:49:16
Zuletzt bearbeitet 20.03.2026 19:16:13
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 30

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xmlsoft ≫ Libxml2 Version < 2.14.4

Redhat ≫ Jboss Core Services Version-

Redhat ≫ Openshift Container Platform Version4.12

Redhat ≫ Openshift Container Platform Version4.13

Redhat ≫ Openshift Container Platform Version4.14

Redhat ≫ Openshift Container Platform Version4.15

Redhat ≫ Openshift Container Platform Version4.16

Redhat ≫ Openshift Container Platform Version4.17

Redhat ≫ Openshift Container Platform Version4.18

Redhat ≫ Openshift Container Platform For Arm64 Version4.13

Redhat ≫ Openshift Container Platform For Arm64 Version4.14

Redhat ≫ Openshift Container Platform For Arm64 Version4.15

Redhat ≫ Openshift Container Platform For Arm64 Version4.16

Redhat ≫ Openshift Container Platform For Arm64 Version4.17

Redhat ≫ Openshift Container Platform For Arm64 Version4.18

Redhat ≫ Openshift Container Platform For Ibm Z Version4.13

Redhat ≫ Openshift Container Platform For Ibm Z Version4.14

Redhat ≫ Openshift Container Platform For Ibm Z Version4.15

Redhat ≫ Openshift Container Platform For Ibm Z Version4.16

Redhat ≫ Openshift Container Platform For Ibm Z Version4.17

Redhat ≫ Openshift Container Platform For Ibm Z Version4.18

Redhat ≫ Openshift Container Platform For Linuxone Version4.13

Redhat ≫ Openshift Container Platform For Linuxone Version4.14

Redhat ≫ Openshift Container Platform For Linuxone Version4.15

Redhat ≫ Openshift Container Platform For Linuxone Version4.16

Redhat ≫ Openshift Container Platform For Linuxone Version4.17

Redhat ≫ Openshift Container Platform For Linuxone Version4.18

Redhat ≫ Openshift Container Platform For Power Version4.13

Redhat ≫ Openshift Container Platform For Power Version4.14

Redhat ≫ Openshift Container Platform For Power Version4.15

Redhat ≫ Openshift Container Platform For Power Version4.16

Redhat ≫ Openshift Container Platform For Power Version4.17

Redhat ≫ Openshift Container Platform For Power Version4.18

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Version10.0

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux Eus Version8.6

Redhat ≫ Enterprise Linux Eus Version8.8

Redhat ≫ Enterprise Linux Eus Version9.4

Redhat ≫ Enterprise Linux Eus Version9.6

Redhat ≫ Enterprise Linux Eus Version10.0

Redhat ≫ Enterprise Linux For Arm 64 Version8.0_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Version9.0_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Version9.4_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Version10.0_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Eus Version9.4_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Eus Version9.6_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Eus Version10.0_aarch64

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.4_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Version10.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.4_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.6_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version10.0_s390x

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Version9.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Version10.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.4_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.6_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version10.0_ppc64le

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server Aus Version9.2

Redhat ≫ Enterprise Linux Server Aus Version9.4

Redhat ≫ Enterprise Linux Server Aus Version9.6

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.4_ppc64le

Redhat ≫ Enterprise Linux Server Tus Version8.8

Redhat ≫ In-vehicle Operating System Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.61%	0.696

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.heise.de/news/Sicherheitsluecken-Tenable-Nessus-Angreifer-koennen-Sytstemdaten-ueberschreiben-10467111.html

Medienbericht

heise Security

09.08.2025 11:36

https://access.redhat.com/security/cve/CVE-2025-6021

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2372406

Issue Tracking

https://access.redhat.com/errata/RHSA-2025:10630

Third Party Advisory