CVE-2025-7424

CWE-84316 documents9 sources

Severity

7.5HIGH

EPSS

0.1%

top 73.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Libxslt Redhat Enterprise Linux Redhat Openshift Container Platform

Timeline

PublishedJul 10

Latest updateJan 7

Description

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5gnome/libxslt< 1.1.44

▶Debianlibxslt< 1.1.34-4+deb11u3+3

Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0, Openshift Container Platform 4.0

🔴Vulnerability Details

OSV

CVE-2025-7424: A flaw was found in the libxslt library↗2025-07-10

▶

CVEList

Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes↗2025-07-10

▶

GHSA

GHSA-w4gx-392p-5m58: A flaw was found in the libxslt library↗2025-07-10

▶

📋Vendor Advisories

Ubuntu

Libxslt vulnerability↗2026-01-07

▶

Apple

CVE-2025-7424: Safari 18.6↗2025-07-30

▶

Apple

CVE-2025-7424: iOS 18.6 and iPadOS 18.6↗2025-07-29

▶

Apple

CVE-2025-7424: macOS Sequoia 15.6↗2025-07-29

▶

Apple

CVE-2025-7424: visionOS 2.6↗2025-07-29

▶