7.8
CVE-2025-7425
- EPSS 0.34%
- Veröffentlicht 10.07.2025 13:53:37
- Zuletzt bearbeitet 29.06.2026 21:16:37
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX MX5000
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX MX5000RE
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1400
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1500
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1501
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1510
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1511
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1512
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1524
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1536
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX5000
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC CN 4100
Default Statusunknown
Version
0
Version <
V5.0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
Default Statusunknown
Version
V3.1.5
Version <
*
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
Default Statusunknown
Version
V3.1.5
Version <
*
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
Default Statusunknown
Version
V3.1.5
Version <
*
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
Default Statusunknown
Version
V3.1.5
Version <
*
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Default Statusunknown
Version
0
Version <
*
Status
affected
HerstellerSiemens
≫
Produkt
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP
Default Statusunknown
Version
V3.1.5
Version <
*
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.256 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.8 | 1.4 | 5.8 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://access.redhat.com/security/cve/CVE-2025-7425
https://bugzilla.redhat.com/show_bug.cgi?id=2379274
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://access.redhat.com/errata/RHSA-2025:12447
https://access.redhat.com/errata/RHSA-2025:12450
https://access.redhat.com/errata/RHSA-2025:13267
https://access.redhat.com/errata/RHSA-2025:13313
https://access.redhat.com/errata/RHSA-2025:13314
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/errata/RHSA-2025:13308
https://access.redhat.com/errata/RHSA-2025:13309
https://access.redhat.com/errata/RHSA-2025:13310
https://access.redhat.com/errata/RHSA-2025:13311
https://access.redhat.com/errata/RHSA-2025:13312
https://access.redhat.com/errata/RHSA-2025:13464
https://access.redhat.com/errata/RHSA-2025:13622
https://access.redhat.com/errata/RHSA-2025:14059
https://access.redhat.com/errata/RHSA-2025:14396
https://access.redhat.com/errata/RHSA-2025:14819
https://access.redhat.com/errata/RHSA-2025:14818
https://access.redhat.com/errata/RHSA-2025:14853
https://access.redhat.com/errata/RHSA-2025:14858
https://access.redhat.com/errata/RHSA-2025:15308
https://access.redhat.com/errata/RHSA-2025:15828
https://access.redhat.com/errata/RHSA-2025:15827
https://access.redhat.com/errata/RHSA-2025:15672
https://access.redhat.com/errata/RHSA-2025:18219
https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/30
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/37
http://www.openwall.com/lists/oss-security/2025/07/11/2
https://access.redhat.com/errata/RHSA-2025:21885
https://access.redhat.com/errata/RHSA-2025:21913
https://access.redhat.com/errata/RHSA-2026:0934
https://access.redhat.com/errata/RHBA-2025:12345
https://access.redhat.com/errata/RHSA-2026:11503
https://cert-portal.siemens.com/productcert/html/ssa-032379.html
https://cert-portal.siemens.com/productcert/html/ssa-577017.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-082556.html