CVE-2025-12863
Published: 2025-11-11
Severity: High (CVSS 7.5)
Libxml2: namespace use-after-free in xmlSetTreeDoc() function of libxml2
Mariner: Mariner
redhat: redhat
Customer Action Required: Yes
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_libxml2_2.11.5-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_libxml2_2.11.5-8_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libxml2_2.10.4-9_on_cbl_mariner_2.0 | — | — |
| xmlsoft | libxml2 | >= 0 < 2.15.1+dfsg-0.4 | 2.15.1+dfsg-0.4 |
Microsoft
Libxml2: namespace use-after-free in xmlSetTreeDoc() function of libxml2
vendor_msrc · 2025-11-11 · CVSS 7.5
CVE-2025-12863 [HIGH] CWE-416 Libxml2: namespace use-after-free in xmlSetTreeDoc() function of libxml2
OSV
CVE-2025-12863: A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library
osv·2025-11-07
CVE-2025-12863: A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library
A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory region when the original document is destroyed. As a result, subsequent operations that access the namespace can lead to a use-after-free condition, causing an application crash.
GHSA
GHSA-9fwq-22j4-xfwr: A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library
ghsa_unreviewed·2025-11-07
CVE-2025-12863 [HIGH] CWE-416 GHSA-9fwq-22j4-xfwr: A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library
No detection rules found.
No public exploits indexed.