CVE-2025-10911: Expired Pointer Dereference
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
AI Analysis
Technical Summary
CVE-2025-10911 is a use-after-free vulnerability identified in libxslt, a widely used library for transforming XML documents using XSLT stylesheets. The flaw occurs during the parsing of XSL nodes, where the software may dereference pointers that have already been freed, leading to undefined behavior and application crashes. This vulnerability specifically affects Red Hat Enterprise Linux 10, a major enterprise-grade Linux distribution. The CVSS v3.1 base score is 5.5, reflecting a medium severity level. The attack vector is local (AV:L), requiring the attacker to have local access to the system. The attack complexity is low (AC:L), no privileges are required (PR:N), but user interaction is necessary (UI:R). The scope is unchanged (S:U), and the impact is limited to availability (A:H), with no impact on confidentiality or integrity. No known exploits have been reported in the wild, and no patches are currently linked, indicating the vulnerability is newly disclosed. The vulnerability could be triggered by malicious or malformed XSLT files processed by libxslt, potentially causing denial of service through application crashes. This can affect services or applications relying on libxslt for XML transformations, especially in environments where untrusted XSLT inputs are processed.
Potential Impact
The primary impact of CVE-2025-10911 is on system availability due to potential application crashes caused by dereferencing expired pointers. This can lead to denial of service conditions in applications or services that utilize libxslt for XML transformations. While the vulnerability does not compromise confidentiality or integrity, repeated crashes or service disruptions can affect business continuity and operational stability. Organizations running Red Hat Enterprise Linux 10 with applications that parse XSLT files, particularly those processing untrusted or user-supplied inputs, are at risk. The requirement for local access and user interaction limits remote exploitation, reducing the risk of widespread automated attacks. However, insider threats or compromised user accounts could exploit this vulnerability to disrupt critical services. The lack of known exploits in the wild suggests limited immediate threat, but the medium severity score warrants timely attention to prevent potential denial of service scenarios.
Mitigation Recommendations
To mitigate CVE-2025-10911, organizations should:
1) Monitor Red Hat and libxslt vendor advisories closely and apply patches promptly once available.
2) Restrict local user access to systems running Red Hat Enterprise Linux 10, minimizing the risk of exploitation by unprivileged users.
3) Implement strict input validation and sanitization for XSLT files, especially if they originate from untrusted sources, to prevent triggering the vulnerability.
4) Employ memory protection mechanisms such as Address Space Layout Randomization (ASLR) and stack canaries to reduce the impact of use-after-free vulnerabilities.
5) Audit and limit the use of libxslt in critical applications where possible, considering alternative libraries or sandboxing techniques to isolate potential crashes.
6) Establish monitoring and alerting for application crashes related to libxslt usage to detect exploitation attempts early.
7) Educate users about the risks of processing untrusted XSLT files and enforce policies to prevent inadvertent execution of malicious inputs.
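Recommendation 6 asks for crash monitoring tied to libxslt, but does not say what such monitoring looks like. The script below is an added example (not from this page or from Red Hat) that parses the Linux kernel's user-space segfault messages as they appear in the journal, keeps only faults whose faulting module is a libxslt shared object, and raises an alert once a threshold is crossed. The log lines are constructed for the example: the message layout (`comm[pid]: segfault at ADDR ip IP sp SP error N in MODULE[base+size]`) is the kernel's real format, but the host name, PIDs, addresses and library version are invented.

```python
import re
from collections import Counter

# Constructed sample journal output; addresses, PIDs and version are made up.
SAMPLE_LOG = """\
Sep 25 19:45:01 host kernel: xsltproc[4321]: segfault at 18 ip 00007f3c1a2b3c4d sp 00007ffd1e2f3a40 error 4 in libxslt.so.1.1.39[7f3c1a290000+30000]
Sep 25 19:45:03 host kernel: python3[4330]: segfault at 18 ip 00007f1122334455 sp 00007ffd00112233 error 4 in libxslt.so.1.1.39[7f1122300000+30000]
Sep 25 19:46:10 host kernel: nginx[99]: segfault at 0 ip 0000561234567890 sp 00007ffee1234560 error 6 in nginx[561234500000+100000]
Sep 25 19:47:00 host sshd[77]: Accepted publickey for alice from 10.0.0.5 port 5555
"""

# Kernel segfault message: "comm[pid]: segfault at addr ip .. sp .. error n in module[base+size]".
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<module>[^\[]+)\["
)


def parse_segfaults(text):
    """Return one dict per segfault line found in the journal text."""
    events = []
    for line in text.splitlines():
        match = SEGFAULT_RE.search(line)
        if not match:
            continue
        event = match.groupdict()
        event["pid"] = int(event["pid"])
        event["addr"] = int(event["addr"], 16)
        event["err"] = int(event["err"])
        events.append(event)
    return events


def libxslt_crashes(events):
    """Keep faults whose faulting instruction lies inside a libxslt library."""
    return [e for e in events if e["module"].startswith("libxslt")]


def summarize(text, threshold=2):
    """Summarize libxslt-attributed crashes and decide whether to alert.

    A small faulting address (here 0x18, a few bytes past NULL) is typical of
    a dereference through a pointer field that has been freed or cleared,
    which is the symptom the advisory describes.
    """
    events = parse_segfaults(text)
    hits = libxslt_crashes(events)
    by_process = Counter(e["comm"] for e in hits)
    return {
        "total_segfaults": len(events),
        "libxslt_segfaults": len(hits),
        "by_process": dict(by_process),
        "low_address_faults": sum(1 for e in hits if e["addr"] < 0x1000),
        "alert": len(hits) >= threshold,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

In production the text would come from `journalctl -k -o short` (or a log shipper) rather than a string literal; the point of the filter on the faulting module is that a crash in a process such as python3 is only interesting here when the instruction pointer was inside libxslt, which is what separates this signal from unrelated application bugs.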
Affected Countries
United States, Germany, United Kingdom, France, Japan, India, Canada, Australia, South Korea, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2025-09-24T12:45:24.913Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68d59bc858afd90a7d662e29
Added to database: 9/25/2025, 7:45:12 PM
Last enriched: 2/27/2026, 6:43:34 PM
Last updated: 3/24/2026, 12:57:10 PM
Views: 183