CVE-2025-49795 — Expired Pointer Dereference in Libxml2

CWE-825 — Expired Pointer Dereference10 documents8 sources

Severity

7.5HIGHNVD

GHSA9.1OSV9.1

EPSS

0.8%

top 25.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nokogiri Debian Libxml2 Msrc Azl3 Libxml2 2.11.5-6 ON Azure Linux 3.0 +3 more

Timeline

PublishedJun 16

Latest updateApr 15

Description

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶debiandebian/libxml2

▶msrcmsrc/azl3_libxml2_2.11.5-6_on_azure_linux_3.0

▶msrcmsrc/azl3_libxml2_2.11.5-7_on_azure_linux_3.0

▶msrcmsrc/cbl2_libxml2_2.10.4-8_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_libxml2_2.10.4-9_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

Nokogiri patches vendored libxml2 to resolve multiple CVEs↗2025-07-21

▶

GHSA

Nokogiri patches vendored libxml2 to resolve multiple CVEs↗2025-07-21

▶

OSV

CVE-2025-49795: A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions↗2025-06-16

▶

GHSA

GHSA-gg7j-w83p-fxr9: A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions↗2025-06-16

▶

📋Vendor Advisories

Red Hat

libxml: Null pointer dereference leads to Denial of service (DoS)↗2025-06-11

▶

Microsoft

Libxml: null pointer dereference leads to denial of service (dos)↗2025-06-10

▶

Debian

CVE-2025-49795: libxml2 - A NULL pointer dereference vulnerability was found in libxml2 when processing XP...↗2025

▶

💬Community

Bugzilla

CVE-2025-49795 libxml2: NULL pointer dereference in XPath expression processing [fedora-43]↗2026-04-15

▶

Bugzilla

CVE-2025-49795 libxml: Null pointer dereference leads to Denial of service (DoS)↗2025-06-12

▶