What is CVE-2025-7425?

CVE-2025-7425 is a high-severity vulnerability in Gnome Libxml2, classified under Use After Free. CVSS score: 7.8/10. Published 2025-07-10.

How severe is CVE-2025-7425?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2025-7425 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Use After Free in Gnome Libxml2

CVE-2025-7425

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the prope…

Vulnerability class: Use-After-Free

EPSS: 0.003 (20.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H.

Affected products

Gnome Libxml2 — versions 0
Red Hat Cert-manager Operator For Openshift 1.16 — versions v1.16.5-1760515757
Red Hat File Integrity Operator 1 — versions v1.3
Red Hat Openshift Compliance Operator 1 — versions 1.8.0
Red Hat Openshift File Integrity Operator - Fio 1 — versions v1.3
Red Hat Discovery 2 — versions 2.0.1-1754478727
Red Hat Enterprise Linux 10 — versions 0:2.12.5-8.el10_0, 0:1.1.39-8.el10_0
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7 Extended Lifecycle Support — versions 0:2.9.1-6.el7_9.12
Red Hat Enterprise Linux 8 — versions 0:2.9.7-21.el8_10.2

Weakness classification (CWE)

CWE-416 — Use After Free

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2025-7425?: CVE-2025-7425 is a high-severity vulnerability in Gnome Libxml2, classified under Use After Free. CVSS score: 7.8/10. Published 2025-07-10.
How severe is CVE-2025-7425?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2025-7425 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.