CVE-2025-11731
Published: 2025-10-14
Priority: P4 (low)
CVSS 3.1 base score: 3.1 (LOW), vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
EPSS: 0.26% (17.1th percentile)
A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxslt | < libxslt 1.1.43-0.3 (forky) | libxslt 1.1.43-0.3 (forky) |
| msrc | azl3_libxslt_1.1.43-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_libxslt_1.1.43-3_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libxslt_1.1.34-8_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libxslt_1.1.34-9_on_cbl_mariner_2.0 | — | — |
| xmlsoft | libxslt | >= 0 < 1.1.43-0.3 | 1.1.43-0.3 |
CVSS provenance

| Source | CVSS 3.1 score | Severity | Vector |
|---|---|---|---|
| nvd | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L |
| osv | 3.1 | LOW | — |
| vendor_debian | 3.1 | LOW | — |
| vendor_msrc | 3.1 | LOW | — |
| vendor_redhat | 3.1 | LOW | — |
Microsoft
Libxslt: type confusion in exsltFuncResultComp function of libxslt
vendor_msrc · 2025-10-14 · CVSS 3.1 · LOW · CWE-843
Mariner: Mariner
redhat: redhat
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
Red Hat
libxslt: Type Confusion in exsltFuncResultComp function of libxslt
vendor_redhat · 2025-10-14 · CVSS 3.1 · LOW · CWE-843
Debian
CVE-2025-11731: libxslt
vendor_debian · 2025 · CVSS 3.1 · LOW
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1.1.43-0.3)
sid: resolved (fixed in 1.1.43-0.3)
trixie: open
GHSA
GHSA-9f23-58rv-2hx4
ghsa_unreviewed · 2025-10-14 · LOW · CWE-843
OSV
CVE-2025-11731 (OSV record)
osv · 2025-10-14 · CVSS 3.1 · LOW
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-11731 qt5-qtwebengine: Type Confusion in exsltFuncResultComp function of libxslt [fedora-all]
bugzilla · 2025-10-14 · CVSS 3.1 · LOW
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to
Bugzilla
CVE-2025-11731 libxslt: Type Confusion in exsltFuncResultComp function of libxslt [fedora-all]
bugzilla · 2025-10-14 · CVSS 3.1 · LOW