CVE-2025-24855

CWE-416Use After FreeCWE-139520 documents11 sources
Severity
7.8HIGH
EPSS
0.0%
top 84.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xmlsoft Libxslt
Timeline
PublishedMar 14
Latest updateSep 30

Description

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:HExploitability: 1.4 | Impact: 5.8

Affected Packages4 packages

CVEListV5xmlsoft/libxslt< 1.1.43
NVDxmlsoft/libxslt< 1.1.43
Debianlibxslt< 1.1.34-4+deb11u2+3
RubyGemsnokogiri< 1.18.4

🔴Vulnerability Details

5
GHSA
GHSA-3cgj-v3m4-cgcq: numbers2025-03-14
OSV
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs2025-03-14
OSV
CVE-2025-24855: numbers2025-03-14
CVEList
CVE-2025-24855: numbers2025-03-14
GHSA
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs2025-03-14

📋Vendor Advisories

14
Ubuntu
Libxslt vulnerabilities2025-09-30
Oracle
Oracle Oracle Java SE Risk Matrix: JavaFX (libxslt) — CVE-2025-248552025-07-15
Ubuntu
Libxslt vulnerability2025-03-20
Red Hat
libxslt: Use-After-Free in libxslt numbers.c2025-03-14
Microsoft
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsl2025-03-11
CVE-2025-24855 (HIGH CVSS 7.8) | numbers.c in libxslt before 1.1.43 | cvebase.io