CVE-2025-6170

EPSS 0.02%
Published 16.06.2025 15:24:05
Last modified 12.08.2025 13:04:06
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Core Services Version-

Redhat ≫ Openshift Container Platform Version4.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Version10.0

Xmlsoft ≫ Libxml2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.037

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.5	1	1.4	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
secalert@redhat.com	2.5	1	1.4	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://access.redhat.com/security/cve/CVE-2025-6170

Third Party Advisory

Mitigation

https://bugzilla.redhat.com/show_bug.cgi?id=2372952

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-6170

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6170

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6170

EUVD