cbcvebase.
CVE-2025-32414
published 2025-04-08

Priority: P337 (high)
CVSS 3.1: 7.5 (high), vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.33% (24.8th percentile)
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

Affected

16 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxml2 | < libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm) | libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm) |
| msrc | azl3_libxml2_2.11.5-5_on_azure_linux_3.0 | | |
| msrc | cbl2_libxml2_2.10.4-7_on_cbl_mariner_2.0 | | |
| nokogiri | nokogiri | >= 0 < 1.18.8 | 1.18.8 |
| xmlsoft | libxml2 | < 2.13.8 | 2.13.8 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-6.7+deb11u7 | 2.9.10+dfsg-6.7+deb11u7 |
| xmlsoft | libxml2 | >= 0 < 2.9.14+dfsg-1.3~deb12u2 | 2.9.14+dfsg-1.3~deb12u2 |
| xmlsoft | libxml2 | >= 0 < 2.12.7+dfsg+really2.9.14-1 | 2.12.7+dfsg+really2.9.14-1 |
| xmlsoft | libxml2 | >= 0 < 2.12.7+dfsg+really2.9.14-1 | 2.12.7+dfsg+really2.9.14-1 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-5ubuntu0.20.04.10 | 2.9.10+dfsg-5ubuntu0.20.04.10 |
| xmlsoft | libxml2 | >= 0 < 2.9.13+dfsg-1ubuntu0.7 | 2.9.13+dfsg-1ubuntu0.7 |
| xmlsoft | libxml2 | >= 0 < 2.9.14+dfsg-1.3ubuntu3.3 | 2.9.14+dfsg-1.3ubuntu3.3 |
| xmlsoft | libxml2 | >= 0 < 2.9.1+dfsg1-3ubuntu4.13+esm10 | 2.9.1+dfsg1-3ubuntu4.13+esm10 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1ubuntu0.7+esm8 | 2.9.3+dfsg1-1ubuntu0.7+esm8 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-6.1ubuntu1.9+esm3 | 2.9.4+dfsg1-6.1ubuntu1.9+esm3 |
| xmlsoft | libxml2 | >= 2.14.0 < 2.14.2 | 2.14.2 |

CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | | 7.5 | HIGH | |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 5.6 | MEDIUM | |
| vendor_msrc | | 5.6 | MEDIUM | |
| vendor_redhat | | 5.6 | MEDIUM | |
| vendor_ubuntu | | 5.6 | MEDIUM | |