7.8
CVE-2025-7425
- EPSS 0.19%
- Veröffentlicht 10.07.2025 13:53:37
- Zuletzt bearbeitet 12.05.2026 13:17:28
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX MX5000
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX MX5000RE
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1400
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1500
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1501
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1510
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1511
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1512
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1524
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX1536
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
RUGGEDCOM ROX RX5000
Default Statusunknown
Version
0
Version <
V2.17.1
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC CN 4100
Default Statusunknown
Version
0
Version <
V5.0
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
Default Statusunknown
Version
V3.1.5
Version <
*
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
Default Statusunknown
Version
V3.1.5
Version <
*
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
Default Statusunknown
Version
V3.1.5
Version <
*
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
Default Statusunknown
Version
V3.1.5
Version <
*
Status
affected
HerstellerSiemens
≫
Produkt
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
Default Statusunknown
Version
0
Version <
*
Status
affected
HerstellerSiemens
≫
Produkt
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP
Default Statusunknown
Version
V3.1.5
Version <
*
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.408 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.8 | 1.4 | 5.8 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.