3.3

CVE-2025-8732

Exploit

libxml2 xmlcatalog xmlParseSGMLCatalog recursion

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml2 Version < 2.15.2
SiemensRuggedcom Rst2428p Firmware Version < 4.0
   SiemensRuggedcom Rst2428p Version-
IbmVios Version >= 4.1.0 < 4.1.1.30
IbmVios Version4.1.2.0
IbmAix Version >= 7.2.5 < 7.2.5.12
IbmAix Version >= 7.3.2 < 7.3.3.3
IbmAix Version7.3.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.051
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@vuldb.com 1.9 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com 1.7 3.1 2.9
AV:L/AC:L/Au:S/C:N/I:N/A:P
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://vuldb.com/?id.319228
Third Party Advisory
Permissions Required
https://vuldb.com/?ctiid.319228
Third Party Advisory
Permissions Required
https://vuldb.com/?submit.622285
Third Party Advisory
Permissions Required
https://gitlab.gnome.org/GNOME/libxml2/-/issues/958
Third Party Advisory
Exploit
Issue Tracking
https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853
Third Party Advisory
Exploit
Issue Tracking
https://drive.google.com/file/d/1woIeYVcSQB_NwfEhaVnX6MedpWJ_nqWl/view?usp=drive_link
Broken Link
https://cert-portal.siemens.com/productcert/html/ssa-253495.html
Third Party Advisory