CVE-2025-49796
Published: 2025-06-16
Priority P351 · critical · 9.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 1.44% (69.8th percentile)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxml2 | < libxml2 2.9.14+dfsg-1.3~deb12u3 (bookworm) | libxml2 2.9.14+dfsg-1.3~deb12u3 (bookworm) |
| msrc | azl3_libxml2_2.11.5-6_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libxml2_2.10.4-8_on_cbl_mariner_2.0 | — | — |
| msrc | cm2_libxml2_2.10.4-8_on_cbl_mariner_2.0 | — | — |
| nokogiri | nokogiri | >= 0 < 1.18.9 | 1.18.9 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-6.7+deb11u8 | 2.9.10+dfsg-6.7+deb11u8 |
| xmlsoft | libxml2 | >= 0 < 2.9.14+dfsg-1.3~deb12u3 | 2.9.14+dfsg-1.3~deb12u3 |
| xmlsoft | libxml2 | >= 0 < 2.12.7+dfsg+really2.9.14-2 | 2.12.7+dfsg+really2.9.14-2 |
| xmlsoft | libxml2 | >= 0 < 2.12.7+dfsg+really2.9.14-2 | 2.12.7+dfsg+really2.9.14-2 |
| xmlsoft | libxml2 | >= 0 < 2.9.13+dfsg-1ubuntu0.8 | 2.9.13+dfsg-1ubuntu0.8 |
| xmlsoft | libxml2 | >= 0 < 2.9.14+dfsg-1.3ubuntu3.4 | 2.9.14+dfsg-1.3ubuntu3.4 |
| xmlsoft | libxml2 | >= 0 < 2.9.1+dfsg1-3ubuntu4.13+esm8 | 2.9.1+dfsg1-3ubuntu4.13+esm8 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1ubuntu0.7+esm9 | 2.9.3+dfsg1-1ubuntu0.7+esm9 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-6.1ubuntu1.9+esm4 | 2.9.4+dfsg1-6.1ubuntu1.9+esm4 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-5ubuntu0.20.04.10+esm1 | 2.9.10+dfsg-5ubuntu0.20.04.10+esm1 |
CVSS provenance
nvd · v3.1 · 9.1 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
ghsa · 9.1 · CRITICAL
osv · 9.1 · CRITICAL
vendor_debian · 9.1 · CRITICAL
vendor_msrc · 9.1 · CRITICAL
vendor_oracle · 9.1 · CRITICAL
vendor_redhat · 9.1 · CRITICAL
vendor_ubuntu · 9.1 · CRITICAL
Oracle
Oracle Oracle Financial Services Applications Risk Matrix: Reports (libxml2) — CVE-2025-49796
vendor_oracle·2026-01-15·CVSS 9.1
CVE-2025-49796 [CRITICAL] Oracle Oracle Financial Services Applications Risk Matrix: Reports (libxml2) — CVE-2025-49796
Oracle Oracle Financial Services Applications Risk Matrix: Reports (libxml2) vulnerability
CVE: CVE-2025-49796
CVSS: 9.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2026 (JAN 2026)
Oracle
Oracle Oracle Communications Applications Risk Matrix: Security (libxml2) — CVE-2025-49796
vendor_oracle·2025-10-15·CVSS 9.1
CVE-2025-49796 [CRITICAL] Oracle Oracle Communications Applications Risk Matrix: Security (libxml2) — CVE-2025-49796
Oracle Oracle Communications Applications Risk Matrix: Security (libxml2) vulnerability
CVE: CVE-2025-49796
CVSS: 9.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2025 (OCT 2025)
Ubuntu
libxml2 vulnerabilities
vendor_ubuntu·2025-08-14·CVSS 9.1
CVE-2025-6021 [CRITICAL] libxml2 vulnerabilities
Title: libxml2 vulnerabilities
Summary: Several security issues were fixed in libxml2.
Ahmed Lekssays discovered that libxml2 did not properly perform certain
mathematical operations, leading to an integer overflow. An attacker
could possibly use this issue to cause a crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-6021)
Ahmed Lekssays discovered that libxml2 did not properly validate the size
of an untrusted input stream. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2025-6170)
Nikita Sveshnikov discovered that libxml2 did not properly handle certain
XPath expressions, leading to a use-after-free vulnerability. An attacker
could potentially exploit this issue
Red Hat
libxml: Type confusion leads to Denial of service (DoS)
vendor_redhat·2025-06-11·CVSS 9.1
CVE-2025-49796 [CRITICAL] CWE-125 libxml: Type confusion leads to Denial of service (DoS)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Statement: The Red Hat Product Secu
Microsoft
Libxml: type confusion leads to denial of service (dos)
vendor_msrc·2025-06-10·CVSS 9.1
CVE-2025-49796 [CRITICAL] CWE-125 Libxml: type confusion leads to denial of service (dos)
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
redhat: redhat
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://lea
Debian
CVE-2025-49796: libxml2 - A vulnerability was found in libxml2. Processing certain sch:name elements from ...
vendor_debian·2025·CVSS 9.1
CVE-2025-49796 [CRITICAL] CVE-2025-49796: libxml2 - A vulnerability was found in libxml2. Processing certain sch:name elements from ...
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Scope: local
bookworm: resolved (fixed in 2.9.14+dfsg-1.3~deb12u3)
bullseye: resolved (fixed in 2.9.10+dfsg-6.7+deb11u8)
forky: resolved (fixed in 2.12.7+dfsg+really2.9.14-2)
sid: resolved (fixed in 2.12.7+dfsg+really2.9.14-2)
trixie: resolved (fixed in 2.12.7+dfsg+really2.9.14-2)
OSV
libxml2 vulnerabilities
osv·2025-08-14·CVSS 9.1
CVE-2025-6021 [CRITICAL] libxml2 vulnerabilities
Ahmed Lekssays discovered that libxml2 did not properly perform certain
mathematical operations, leading to an integer overflow. An attacker
could possibly use this issue to cause a crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-6021)
Ahmed Lekssays discovered that libxml2 did not properly validate the size
of an untrusted input stream. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2025-6170)
Nikita Sveshnikov discovered that libxml2 did not properly handle certain
XPath expressions, leading to a use-after-free vulnerability. An attacker
could potentially exploit this issue to cause a denial of service.
(CVE-2025-49794)
Nikita Sveshnik
OSV
Nokogiri patches vendored libxml2 to resolve multiple CVEs
osv·2025-07-21·CVSS 9.1
CVE-2025-6021 [CRITICAL] Nokogiri patches vendored libxml2 to resolve multiple CVEs
## Summary
Nokogiri v1.18.9 patches the vendored libxml2 to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796.
## Impact and severity
### CVE-2025-6021
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
NVD claims a severity of 7.5 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/17d950ae
### CVE-2025-6170
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user input
GHSA
Nokogiri patches vendored libxml2 to resolve multiple CVEs
ghsa·2025-07-21·CVSS 9.1
OSV
CVE-2025-49796: A vulnerability was found in libxml2
osv·2025-06-16·CVSS 9.1
CVE-2025-49796 [CRITICAL] CVE-2025-49796: A vulnerability was found in libxml2
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
GHSA
GHSA-83xx-9f6p-vwfj: A vulnerability was found in libxml2
ghsa_unreviewed·2025-06-16
CVE-2025-49796 [CRITICAL] CWE-125 GHSA-83xx-9f6p-vwfj: A vulnerability was found in libxml2
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-49796 pcem: Type confusion leads to Denial of service (DoS) [fedora-42]
bugzilla·2025-09-02·CVSS 9.1
CVE-2025-49796 [CRITICAL] CVE-2025-49796 pcem: Type confusion leads to Denial of service (DoS) [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-49796 qt5-qtwebengine: Type confusion leads to Denial of service (DoS) [fedora-42]
bugzilla·2025-09-02·CVSS 9.1
CVE-2025-49796 [CRITICAL] CVE-2025-49796 qt5-qtwebengine: Type confusion leads to Denial of service (DoS) [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-49796 mingw-libxml2: Type confusion leads to Denial of service (DoS) [fedora-42]
bugzilla·2025-06-12·CVSS 9.1
CVE-2025-49796 [CRITICAL] CVE-2025-49796 mingw-libxml2: Type confusion leads to Denial of service (DoS) [fedora-42]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2372385
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Bugzilla
CVE-2025-49796 libxml2: Type confusion leads to Denial of service (DoS) [fedora-42]
bugzilla·2025-06-12·CVSS 9.1
CVE-2025-49796 [CRITICAL] CVE-2025-49796 libxml2: Type confusion leads to Denial of service (DoS) [fedora-42]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2372385
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Pack
Bugzilla
CVE-2025-49796 libxml: Type confusion leads to Denial of service (DoS)
bugzilla·2025-06-12·CVSS 9.1
CVE-2025-49796 [CRITICAL] CVE-2025-49796 libxml: Type confusion leads to Denial of service (DoS)
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:10630 https://access.redhat.com/errata/RHSA-2025:10630
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2025:10698 https://access.redhat.com/errata/RHSA-2025:10698
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:10699 https://access.redhat.com/errata/RHSA-2025:10699
---
This issue has been addressed in the following products:
RHEL-8 based Middleware Containers
Via RHSA-2025:11386 https://access.redhat.com/errata/RHSA-2025:11386
---
This issue has been addressed in the fol
Qualys
Oracle Critical Patch Update, October 2025 Security Update Review
blogs_qualys·2025-10-23
Oracle released its third quarterly edition of this year’s Critical Patch Update. The update received patches for 374 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 73, constituting about 19% of the total patches released. Oracle Communications Applications and Oracle Financial Services Applications followed, with 64 and 33 security patches.
298 of the 374 security patches provided by the October Critical Patch Update (
- https://access.redhat.com/errata/RHSA-2025:10630
- https://access.redhat.com/errata/RHSA-2025:10698
- https://access.redhat.com/errata/RHSA-2025:10699
- https://access.redhat.com/errata/RHSA-2025:11580
- https://access.redhat.com/errata/RHSA-2025:12098
- https://access.redhat.com/errata/RHSA-2025:12099
- https://access.redhat.com/errata/RHSA-2025:12199
- https://access.redhat.com/errata/RHSA-2025:12237
- https://access.redhat.com/errata/RHSA-2025:12239
- https://access.redhat.com/errata/RHSA-2025:12240
- https://access.redhat.com/errata/RHSA-2025:12241
- https://access.redhat.com/errata/RHSA-2025:13267
- https://access.redhat.com/errata/RHSA-2025:13335
- https://access.redhat.com/errata/RHSA-2025:15397
- https://access.redhat.com/errata/RHSA-2025:15827
- https://access.redhat.com/errata/RHSA-2025:15828
- https://access.redhat.com/errata/RHSA-2025:18217
- https://access.redhat.com/errata/RHSA-2025:18218
- https://access.redhat.com/errata/RHSA-2025:18219
- https://access.redhat.com/errata/RHSA-2025:18240
- https://access.redhat.com/errata/RHSA-2025:19020
- https://access.redhat.com/errata/RHSA-2025:19041
- https://access.redhat.com/errata/RHSA-2025:19046
- https://access.redhat.com/errata/RHSA-2025:19894
- https://access.redhat.com/errata/RHSA-2025:21913
- https://access.redhat.com/errata/RHSA-2026:0934
- https://access.redhat.com/errata/RHSA-2026:7519
- https://access.redhat.com/security/cve/CVE-2025-49796
- https://bugzilla.redhat.com/show_bug.cgi?id=2372385
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
- https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html
- https://cert-portal.siemens.com/productcert/html/ssa-253495.html
- https://cert-portal.siemens.com/productcert/html/ssa-577017.html
Published 2025-06-16