CVE-2025-8732 — Improper Resource Shutdown or Release in Libxml2
Severity
4.8 MEDIUM (NVD)
EPSS
0.0%
top 96.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 8
Latest update: Jan 22
Description
A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that "[t]he issue can only be triggered with untrusted SGML catalogs and…
CVSS vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Packages: 10 packages
Vulnerability Details: 3
Vendor Advisories: 4
Debian
CVE-2025-8732: libxml2 - A vulnerability was found in libxml2 up to 2.14.5. It has been declared as probl... (2025)