CVE-2025-10911
published 2025-09-25

CVE-2025-10911: A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

Priority P418 | medium 5.5 | CVSS 3.1
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS: 0.16% (5.7th percentile)

Affected

7 ranges
Vendor | Product | Version range | Fixed in
debian | libxslt | < libxslt 1.1.43-0.3 (forky) | libxslt 1.1.43-0.3 (forky)
msrc | azl3_libxslt_1.1.43-1_on_azure_linux_3.0 | |
msrc | azl3_libxslt_1.1.43-3_on_azure_linux_3.0 | |
msrc | cbl2_libxslt_1.1.34-10_on_cbl_mariner_2.0 | |
msrc | cbl2_libxslt_1.1.34-8_on_cbl_mariner_2.0 | |
msrc | cbl2_libxslt_1.1.34-9_on_cbl_mariner_2.0 | |
xmlsoft | libxslt | >= 0 < 1.1.43-0.3 | 1.1.43-0.3

CVSS provenance

nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv | 5.5 | MEDIUM
vendor_debian | 5.5 | MEDIUM
vendor_msrc | 5.5 | MEDIUM
vendor_redhat | 5.5 | MEDIUM