CVE-2025-32415
Published: 2025-04-17
Priority: P3 · 40 · high · 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.53% (40.6th percentile)
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxml2 | < libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm) | libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm) |
| msrc | azl3_libxml2_2.11.5-5_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libxml2_2.10.4-7_on_cbl_mariner_2.0 | — | — |
| nokogiri | nokogiri | >= 0 < 1.18.8 | 1.18.8 |
| xmlsoft | libxml2 | < 2.13.8 | 2.13.8 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-6.7+deb11u7 | 2.9.10+dfsg-6.7+deb11u7 |
| xmlsoft | libxml2 | >= 0 < 2.9.14+dfsg-1.3~deb12u2 | 2.9.14+dfsg-1.3~deb12u2 |
| xmlsoft | libxml2 | >= 0 < 2.12.7+dfsg+really2.9.14-1 | 2.12.7+dfsg+really2.9.14-1 |
| xmlsoft | libxml2 | >= 0 < 2.12.7+dfsg+really2.9.14-1 | 2.12.7+dfsg+really2.9.14-1 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-5ubuntu0.20.04.10 | 2.9.10+dfsg-5ubuntu0.20.04.10 |
| xmlsoft | libxml2 | >= 0 < 2.9.13+dfsg-1ubuntu0.7 | 2.9.13+dfsg-1ubuntu0.7 |
| xmlsoft | libxml2 | >= 0 < 2.9.14+dfsg-1.3ubuntu3.3 | 2.9.14+dfsg-1.3ubuntu3.3 |
| xmlsoft | libxml2 | >= 0 < 2.9.1+dfsg1-3ubuntu4.13+esm10 | 2.9.1+dfsg1-3ubuntu4.13+esm10 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1ubuntu0.7+esm8 | 2.9.3+dfsg1-1ubuntu0.7+esm8 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-6.1ubuntu1.9+esm3 | 2.9.4+dfsg1-6.1ubuntu1.9+esm3 |
| xmlsoft | libxml2 | >= 2.14.0 < 2.14.2 | 2.14.2 |
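CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | — | 7.5 | HIGH | — |
| osv | — | 7.5 | HIGH | — |
| vendor_oracle | — | 7.5 | LOW | — |
| vendor_ubuntu | — | 5.6 | MEDIUM | — |
| vendor_debian | — | 2.9 | LOW | — |
| vendor_msrc | — | 2.9 | LOW | — |
| vendor_redhat | — | 2.9 | LOW | — |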
OSV
libxml2 vulnerabilities
osv·2025-11-27·CVSS 7.5
CVE-2025-32414 [HIGH] libxml2 vulnerabilities
It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)
It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)
It was discovered that libxslt, used by libxml2, incorrectly handled
certain attributes. An attacker could use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code. This
update adds a fix to libxml2 to mitigate the libxslt vulnerability.
(CVE-2025-7425)
OSV
libxml2 vulnerabilities
osv·2025-04-28·CVSS 7.5
CVE-2025-32414 [HIGH] libxml2 vulnerabilities
USN-7467-1 fixed several vulnerabilities in libxml2. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)
It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)
GHSA
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
ghsa·2025-04-21·CVSS 7.5
CVE-2025-32414 [HIGH] CWE-1395 Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
## Summary
Nokogiri v1.18.8 upgrades its dependency libxml2 to [v2.13.8](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8).
libxml2 v2.13.8 addresses:
- CVE-2025-32414
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
- CVE-2025-32415
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
## Impact
### CVE-2025-32414: No impact
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
**There is no impact** from this CVE for Nokogiri users.
OSV
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
osv·2025-04-21·CVSS 7.5
CVE-2025-32414 [HIGH] Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
OSV
CVE-2025-32415: In libxml2 before 2
osv·2025-04-17·CVSS 7.5
CVE-2025-32415 [HIGH] CVE-2025-32415: In libxml2 before 2
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
GHSA
GHSA-w8fw-fj9q-vcjj: In libxml2 before 2
ghsa_unreviewed·2025-04-17
CVE-2025-32415 [LOW] CWE-125 GHSA-w8fw-fj9q-vcjj: In libxml2 before 2
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Ubuntu
libxml2 vulnerabilities
vendor_ubuntu·2025-11-27·CVSS 5.6
CVE-2025-7425 [MEDIUM] libxml2 vulnerabilities
Title: libxml2 vulnerabilities
Summary: Several security issues were fixed in libxml2.
It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)
It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)
It was discovered that libxslt, used by libxml2, incorrectly handled
certain attributes. An attacker could use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code. This
update adds a fix to libxml2 to mitigate the libxslt vulnerability.
(CVE-202
Oracle
Oracle Communications Applications Risk Matrix: Core (libxml2) — CVE-2025-32415
vendor_oracle·2025-10-15·CVSS 7.5
CVE-2025-32415 [LOW] Oracle Communications Applications Risk Matrix: Core (libxml2) — CVE-2025-32415
Oracle Communications Applications Risk Matrix: Core (libxml2) vulnerability
CVE: CVE-2025-32415
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2025 (OCT 2025)
Oracle
Oracle MySQL Risk Matrix: MySQL Workbench (libxml2) — CVE-2025-32415
vendor_oracle·2025-07-15·CVSS 7.5
CVE-2025-32415 [LOW] Oracle MySQL Risk Matrix: MySQL Workbench (libxml2) — CVE-2025-32415
Oracle MySQL Risk Matrix: MySQL Workbench (libxml2) vulnerability
CVE: CVE-2025-32415
CVSS: 7.5
Protocol: MySQL Workbench
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2025 (JUL 2025)
Ubuntu
libxml2 vulnerabilities
vendor_ubuntu·2025-04-28·CVSS 5.6
CVE-2025-32414 [MEDIUM] libxml2 vulnerabilities
Title: libxml2 vulnerabilities
Summary: Several security issues were fixed in libxml2.
It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)
It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
libxml2 vulnerabilities
vendor_ubuntu·2025-04-28·CVSS 5.6
CVE-2025-32415 [MEDIUM] libxml2 vulnerabilities
Title: libxml2 vulnerabilities
Summary: Several security issues were fixed in libxml2.
USN-7467-1 fixed several vulnerabilities in libxml2. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)
It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
vendor_redhat·2025-04-17·CVSS 2.9
CVE-2025-32415 [LOW] CWE-125 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.
Statement: To exploit this issue, an attacker needs to be able to process a specially crafted XML file with the application linked to the libxml2
Microsoft
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an X
vendor_msrc·2025-04-08·CVSS 2.9
CVE-2025-32415 [LOW] CWE-1284 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an X
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for mo
Debian
CVE-2025-32415: libxml2 - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in...
vendor_debian·2025·CVSS 2.9
CVE-2025-32415 [LOW] CVE-2025-32415: libxml2 - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in...
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Scope: local
bookworm: resolved (fixed in 2.9.14+dfsg-1.3~deb12u2)
bullseye: resolved (fixed in 2.9.10+dfsg-6.7+deb11u7)
forky: resolved (fixed in 2.12.7+dfsg+really2.9.14-1)
sid: resolved (fixed in 2.12.7+dfsg+really2.9.14-1)
trixie: resolved (fixed in 2.12.7+dfsg+really2.9.14-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-32415 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-40]
bugzilla·2025-04-18·CVSS 7.5
CVE-2025-32415 [HIGH] CVE-2025-32415 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-40]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2360768
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 40 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 40 on 2025-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '40'.
Pac
Bugzilla
CVE-2025-32415 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-42]
bugzilla·2025-04-18·CVSS 7.5
CVE-2025-32415 [HIGH] CVE-2025-32415 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-42]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2360768
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Pac
Bugzilla
CVE-2025-32415 mingw-libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-42]
bugzilla·2025-04-18·CVSS 7.5
CVE-2025-32415 [HIGH] CVE-2025-32415 mingw-libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-42]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2360768
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'
Bugzilla
CVE-2025-32415 pcem: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-42]
bugzilla·2025-04-18·CVSS 7.5
CVE-2025-32415 [HIGH] CVE-2025-32415 pcem: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-42]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2360768
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2025-32415 qt5-qtwebengine: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-40]
bugzilla·2025-04-18·CVSS 2.9
CVE-2025-32415 [LOW] CVE-2025-32415 qt5-qtwebengine: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-40]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2360768
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 40 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 40 on 2025-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '4
Bugzilla
CVE-2025-32415 pcem: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-40]
bugzilla·2025-04-18·CVSS 2.9
CVE-2025-32415 [LOW] CVE-2025-32415 pcem: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-40]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2360768
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 40 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 40 on 2025-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '40'.
Packag
Bugzilla
CVE-2025-32415 qt5-qtwebengine: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-42]
bugzilla·2025-04-18·CVSS 7.5
CVE-2025-32415 [HIGH] CVE-2025-32415 qt5-qtwebengine: Out-of-bounds Read in xmlSchemaIDCFillNodeTables [fedora-42]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2360768
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no long
Bugzilla
CVE-2025-32415 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
bugzilla·2025-04-17·CVSS 7.5
CVE-2025-32415 [HIGH] CVE-2025-32415 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2025:13203 https://access.redhat.com/errata/RHSA-2025:13203
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:13428 https://access.redhat.com/errata/RHSA-2025:13428
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:13429
Qualys
Oracle Critical Patch Update, July 2025 Security Update Review
blogs_qualys·2025-07-16
Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 309 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 84, constituting about 27% of the total patches released. Oracle MySQL and Oracle Fusion Middleware followed, with 40 and 36 security patches.
228 of the 309 security patches provided by the July Critical Patch Update (about 74%) are for non-Oracle CVEs, su