CVE-2025-6170

Severity
2.5 LOW
EPSS
0.1% (percentile 69.35%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jun 16, 2025
Latest update Aug 14, 2025

Description

A stack buffer overflow was found in the command handling of the interactive shell of xmllint, the libxml2 command-line tool for parsing XML files. When a user types an overly long command into that shell, the program copies it without properly checking its length, so the command overruns a fixed-size stack buffer and crashes the process. In rare configurations built without modern exploit mitigations (stack protection and the like), such an overflow might be turned into code execution. Note the preconditions: the shell only runs when a user launches it locally and enters the command themselves, and ordinary parsing of XML documents through libxml2 or a binding such as Nokogiri does not go through the shell's command reader. That is why the issue carries a low severity rating.
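The bug class described above, as an added illustration that is not libxml2 or xmllint source: a reader for one line typed into an interactive shell such as `xmllint --shell` that splits it into a command word and an argument while bounding both copies. The vulnerable pattern is the same routine without the length checks, copying the typed line straight into fixed-size stack buffers. The buffer sizes `CMD_MAX` and `ARG_MAX`, the function names and the sample lines are assumptions made for this example.

```c
/* Added illustration, not libxml2 or xmllint source: a bounded reader for
 * one line typed into an interactive shell such as `xmllint --shell`.
 * The bug class behind CVE-2025-6170 is the unbounded variant, where the
 * typed line is copied into fixed-size stack buffers without a length check.
 * CMD_MAX and ARG_MAX are assumed sizes chosen for this example. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CMD_MAX 32    /* assumed size of the command-word buffer */
#define ARG_MAX 256   /* assumed size of the argument buffer */

struct shell_cmd {
    char command[CMD_MAX];
    char arg[ARG_MAX];
};

/* Split `line` into a command word and the rest of the line (trimmed).
 * Returns 0 on success, -1 if the line is empty or either token would not
 * fit its buffer including the terminating NUL. The length check is the
 * step a vulnerable reader omits before copying into the stack buffers. */
int parse_shell_line(const char *line, struct shell_cmd *out)
{
    const char *p = line;
    while (*p && isspace((unsigned char)*p))
        p++;

    const char *start = p;
    while (*p && !isspace((unsigned char)*p))
        p++;
    size_t cmd_len = (size_t)(p - start);
    if (cmd_len == 0 || cmd_len >= CMD_MAX)
        return -1;                      /* reject instead of overflowing */
    memcpy(out->command, start, cmd_len);
    out->command[cmd_len] = '\0';

    while (*p && isspace((unsigned char)*p))
        p++;
    start = p;
    const char *end = start + strlen(start);
    while (end > start && isspace((unsigned char)end[-1]))
        end--;
    size_t arg_len = (size_t)(end - start);
    if (arg_len >= ARG_MAX)
        return -1;                      /* same check for the argument */
    memcpy(out->arg, start, arg_len);
    out->arg[arg_len] = '\0';
    return 0;
}

/* Constructed input: a normal shell line. Returns 1 if it splits as expected. */
int check_normal_line(void)
{
    struct shell_cmd c;
    return parse_shell_line("load  test.xml\n", &c) == 0
        && strcmp(c.command, "load") == 0
        && strcmp(c.arg, "test.xml") == 0;
}

/* Constructed input: a command word and an argument each far longer than its
 * buffer, the shape of input the advisory describes. Returns 1 if both are
 * rejected rather than copied. */
int check_overlong_rejected(void)
{
    struct shell_cmd c;
    char line[600];

    memset(line, 'A', sizeof line - 1);     /* 599-byte command word */
    line[sizeof line - 1] = '\0';
    int long_cmd = parse_shell_line(line, &c);

    memcpy(line, "load ", 5);               /* "load " + 594-byte argument */
    int long_arg = parse_shell_line(line, &c);

    return long_cmd == -1 && long_arg == -1;
}

int main(void)
{
    printf("normal line parsed:     %s\n", check_normal_line() ? "yes" : "no");
    printf("overlong line rejected: %s\n", check_overlong_rejected() ? "yes" : "no");
    return 0;
}
```

The point of the example is the two `>=` comparisons: the check must include the terminating NUL and must happen before any byte is written to the stack buffer. Rejecting the line is the right response in an interactive tool; silently truncating would hide the problem from the user and could change the meaning of the command.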

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Exploitability: 1.0 | Impact: 1.4
Read literally: local attack vector, high attack complexity, no privileges required, user interaction required, scope unchanged, no confidentiality or integrity impact, low availability impact. The availability impact is the crash; the low base score reflects that an attacker must get a local user to run the interactive shell and enter the overlong command.
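How the 2.5 base score and the 1.0 / 1.4 sub-scores follow from that vector, as an added worked example that is not code from the page or any vendor tool. It parses the vector string and applies the base-metric weights and formulas of the CVSS v3.1 specification; only the scope-unchanged case is implemented, which is all this vector needs. The page's 1.0 and 1.4 are the exploitability and impact sub-scores rounded to one decimal, while the base score uses the specification's Roundup. Function and struct names are assumptions made for this example.

```c
/* Added worked example, not code from the page or any vendor: reproduce the
 * sub-scores and base score of this CVE from its CVSS 3.1 vector using the
 * base-metric weights and formulas of the CVSS v3.1 specification. Only the
 * scope-unchanged (S:U) case is implemented, which is all this vector needs;
 * the PR weights below are the S:U values. */
#include <stdio.h>
#include <string.h>

struct cvss31 {
    double exploitability;   /* 8.22 * AV * AC * PR * UI */
    double impact;           /* 6.42 * ISS for scope unchanged */
    double base;             /* Roundup(min(impact + exploitability, 10)) */
};

/* CVSS v3.1 Roundup: smallest one-decimal value >= x, computed on an integer
 * scaled by 100000 as the specification recommends to avoid FP artifacts. */
static double roundup(double x)
{
    long long i = (long long)(x * 100000.0 + 0.5);
    if (i % 10000 == 0)
        return i / 100000.0;
    return (i / 10000 + 1) / 10.0;
}

/* Weight of one base metric value; -1 for anything unrecognised. */
static double weight(const char *metric, char v)
{
    if (!strcmp(metric, "AV"))
        return v == 'N' ? 0.85 : v == 'A' ? 0.62 : v == 'L' ? 0.55 : v == 'P' ? 0.2 : -1;
    if (!strcmp(metric, "AC"))
        return v == 'L' ? 0.77 : v == 'H' ? 0.44 : -1;
    if (!strcmp(metric, "PR"))
        return v == 'N' ? 0.85 : v == 'L' ? 0.62 : v == 'H' ? 0.27 : -1;
    if (!strcmp(metric, "UI"))
        return v == 'N' ? 0.85 : v == 'R' ? 0.62 : -1;
    if (!strcmp(metric, "C") || !strcmp(metric, "I") || !strcmp(metric, "A"))
        return v == 'H' ? 0.56 : v == 'L' ? 0.22 : v == 'N' ? 0.0 : -1;
    return -1;
}

/* Parse "CVSS:3.1/AV:x/AC:x/PR:x/UI:x/S:U/C:x/I:x/A:x" and fill `out`.
 * Returns 0 on success, -1 on malformed, incomplete or scope-changed input. */
int cvss31_base(const char *vector, struct cvss31 *out)
{
    double w[7] = {-1, -1, -1, -1, -1, -1, -1};   /* AV AC PR UI C I A */
    const char *names[7] = {"AV", "AC", "PR", "UI", "C", "I", "A"};
    char buf[128], scope = 0;

    if (strlen(vector) >= sizeof buf || strncmp(vector, "CVSS:3.1/", 9) != 0)
        return -1;
    strcpy(buf, vector + 9);
    for (char *tok = strtok(buf, "/"); tok; tok = strtok(NULL, "/")) {
        char *colon = strchr(tok, ':');
        if (!colon || strlen(colon) != 2)
            return -1;
        *colon = '\0';
        if (!strcmp(tok, "S")) { scope = colon[1]; continue; }
        int k;
        for (k = 0; k < 7 && strcmp(tok, names[k]) != 0; k++)
            ;
        if (k == 7 || (w[k] = weight(tok, colon[1])) < 0)
            return -1;
    }
    if (scope != 'U')
        return -1;
    for (int k = 0; k < 7; k++)
        if (w[k] < 0)
            return -1;

    double iss = 1.0 - (1.0 - w[4]) * (1.0 - w[5]) * (1.0 - w[6]);
    out->impact = 6.42 * iss;
    out->exploitability = 8.22 * w[0] * w[1] * w[2] * w[3];
    double sum = out->impact + out->exploitability;
    out->base = out->impact <= 0 ? 0.0 : roundup(sum < 10.0 ? sum : 10.0);
    return 0;
}

/* Convenience wrappers returning -1 on a bad vector. */
double cvss31_base_score(const char *vector)
{
    struct cvss31 r;
    return cvss31_base(vector, &r) == 0 ? r.base : -1;
}
double cvss31_exploitability(const char *vector)
{
    struct cvss31 r;
    return cvss31_base(vector, &r) == 0 ? r.exploitability : -1;
}
double cvss31_impact(const char *vector)
{
    struct cvss31 r;
    return cvss31_base(vector, &r) == 0 ? r.impact : -1;
}

int main(void)
{
    const char *v = "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L";
    printf("exploitability %.1f, impact %.1f, base %.1f\n",
           cvss31_exploitability(v), cvss31_impact(v), cvss31_base_score(v));
    return 0;
}
```

For this vector the arithmetic is 8.22 × 0.55 × 0.44 × 0.85 × 0.62 ≈ 1.048 for exploitability, 6.42 × 0.22 ≈ 1.412 for impact, and Roundup(2.461) = 2.5 for the base score. Changing UI:R to UI:N or AC:H to AC:L is a quick way to see how much of the low rating comes from the interaction and complexity requirements rather than from the availability impact.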

Affected Packages (2 packages)

RubyGems: nokogiri < 1.18.9
Debian: libxml2 < 2.9.10+dfsg-6.7+deb11u8+3

Also affects: Enterprise Linux 6.0, 7.0, 8.0, 9.0, 10.0 (Red Hat); OpenShift Container Platform 4.0

Vulnerability Details (6)

OSV: libxml2 vulnerabilities (2025-08-14)
OSV: Nokogiri patches vendored libxml2 to resolve multiple CVEs (2025-07-21)
GHSA: Nokogiri patches vendored libxml2 to resolve multiple CVEs (2025-07-21)
GHSA: GHSA-6qrf-r65h-2r77: A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files (2025-06-16)
CVEList: Libxml2: stack buffer overflow in xmllint interactive shell command handling (2025-06-16)

Vendor Advisories (4)

Ubuntu: libxml2 vulnerabilities (2025-08-14)
Red Hat: libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling (2025-06-16)
Microsoft: Libxml2: stack buffer overflow in xmllint interactive shell command handling (2025-06-10)
Debian: CVE-2025-6170: libxml2 - A flaw was found in the interactive shell of the xmllint command-line tool, used... (2025)