Vulnerability in Gnome Libxslt
CVE-2025-7424
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application o…
EPSS: 0.004 (59.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Gnome Libxslt — versions 0
- Xmlsoft Libxslt
- Red Hat Enterprise Linux 10 — versions 0:2.12.5-8.el10_0, 0:1.1.39-8.el10_0
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Hardened Images — versions 1.1.45-0.1.hum1
- Red Hat Openshift Container Platform 4
- Redhat Enterprise_linux — versions 6.0, 7.0, 8.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- RHBA-2025:12345 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2026:11015 (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, Third Party Advisory, vdb-entry)
- RHBZ#2379228 (x_refsource_REDHAT, issue-tracking, Third Party Advisory, Issue Tracking)
- secalert@redhat.com
- af854a3a-2127-422b-91ae-364da2661108
- af854a3a-2127-422b-91ae-364da2661108
- af854a3a-2127-422b-91ae-364da2661108
- af854a3a-2127-422b-91ae-364da2661108
- af854a3a-2127-422b-91ae-364da2661108
Frequently asked questions
- What is CVE-2025-7424?
- CVE-2025-7424 is a high-severity vulnerability in Gnome Libxslt, classified under Access of Resource Using Incompatible Type (Type Confusion). CVSS score: 7.5/10. Published 2025-07-10.
- How severe is CVE-2025-7424?
- High severity. CVSS v3 base score is 7.5 out of 10.
- Is CVE-2025-7424 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.