CVE-2025-24855: CWE-416 Use After Free in xmlsoft libxslt
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
AI Analysis
Technical Summary
CVE-2025-24855 is a use-after-free vulnerability classified under CWE-416 affecting the xmlsoft project's libxslt library prior to version 1.1.43. The vulnerability stems from the improper management of the XPath context node during nested XPath evaluations. Specifically, when functions such as xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal are invoked, the context node can be modified but is never restored to its original state. This leads to a use-after-free condition where memory that has been freed is subsequently accessed, potentially causing undefined behavior including memory corruption. The vulnerability requires local access (AV:L) and has a high attack complexity (AC:H), with no privileges required (PR:N) and no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability can affect components beyond the initially vulnerable library. The CVSS v3.1 base score is 7.8, indicating a high severity. Exploitation could allow an attacker to corrupt memory, leading to arbitrary code execution or denial of service. No known exploits have been reported in the wild as of the publication date. The vulnerability is particularly relevant for applications and services that rely on libxslt for XML transformations involving complex XPath expressions, which are common in many enterprise and critical infrastructure environments.
Potential Impact
For European organizations, the impact of CVE-2025-24855 can be significant, especially for those relying on libxslt for XML processing in critical applications such as web services, data interchange, and configuration management. Exploitation could lead to arbitrary code execution or service disruption, compromising the integrity and availability of affected systems. This is particularly concerning for sectors like finance, telecommunications, government, and industrial control systems, where XML processing is prevalent. The requirement for local access and high attack complexity somewhat limits remote exploitation, but insider threats or compromised local accounts could leverage this vulnerability to escalate privileges or disrupt services. Additionally, the scope change indicates that the vulnerability could affect multiple components, increasing the potential attack surface. European organizations with legacy systems or delayed patching cycles are at higher risk. The absence of known exploits currently provides a window for proactive mitigation before widespread attacks emerge.
Mitigation Recommendations
To mitigate CVE-2025-24855, European organizations should immediately upgrade libxslt to version 1.1.43 or later, in which the vulnerability is fixed. If upgrading is not immediately feasible, organizations should audit and restrict local access to systems running vulnerable libxslt versions, especially those processing untrusted XML inputs. Implement strict access controls and monitoring to detect unusual local activity involving XML transformations. Developers should review and refactor code that performs nested XPath evaluations so that the XPath context node is saved before a nested evaluation and restored afterwards, and avoid unsafe memory operations. Use memory-safety instrumentation such as AddressSanitizer in development and test builds to detect use-after-free conditions. Additionally, organizations should maintain an inventory of applications and services using libxslt to prioritize patching efforts. Network segmentation and application whitelisting can further reduce the risk of exploitation. Finally, stay informed on vendor advisories and emerging exploit reports to adapt defenses accordingly.
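The save-and-restore discipline that the technical summary and the developer mitigation above describe, as an added C example that models the bug class; it is not libxslt or libxml2 code. `Node`, `EvalContext`, `nested_eval`, `nested_eval_restoring` and `outer_eval` are hypothetical stand-ins for the XPath context's node field and the nested-evaluation helpers the advisory names, and the "temporary" node stands in for a node set that the nested evaluation owns and releases. With `restore` set to 0 the shared context is left pointing at the released node (the CWE-416 condition); with `restore` set to 1 the snapshot taken before the nested evaluation is put back first.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model, not libxslt code: only the field this issue concerns
 * (the current context node) is represented. */
typedef struct Node {
    char name[16];
} Node;

typedef struct EvalContext {
    Node *node;   /* stands in for the XPath context's current node */
} EvalContext;

/* Nested evaluation (a predicate, a format string, a sort key): it re-points
 * the shared context at a temporary node and returns without restoring
 * the previous value. This is the pattern the advisory describes. */
static void nested_eval(EvalContext *ctxt, Node *temporary)
{
    ctxt->node = temporary;
    /* ... work relative to `temporary` would happen here ... */
}

/* Hardened wrapper: snapshot the context node, run the nested evaluation,
 * and restore the snapshot regardless of what the nested code did. */
static void nested_eval_restoring(EvalContext *ctxt, Node *temporary)
{
    Node *saved = ctxt->node;
    nested_eval(ctxt, temporary);
    ctxt->node = saved;
}

/* Outer evaluation. Returns 1 if, after the temporary node is released,
 * ctxt->node still refers to the node held on entry; 0 if it now dangles
 * (the next ctxt->node->name read would be a heap use-after-free, which an
 * AddressSanitizer build reports); -1 on allocation failure.
 * `restore` selects the unsafe path (0) or the hardened path (1). */
static int outer_eval(EvalContext *ctxt, int restore)
{
    Node *entry_node = ctxt->node;
    Node *temporary = calloc(1, sizeof *temporary);
    if (temporary == NULL)
        return -1;
    strcpy(temporary->name, "temporary");

    if (restore)
        nested_eval_restoring(ctxt, temporary);
    else
        nested_eval(ctxt, temporary);

    /* Decide before freeing so no released pointer is compared or read. */
    int intact = (ctxt->node == entry_node);
    free(temporary);   /* the temporary node set goes away here; on the
                          unsafe path ctxt->node now dangles */
    return intact;
}

int main(void)
{
    Node root = { "root" };                 /* constructed sample node */
    EvalContext unsafe_ctxt = { &root };
    EvalContext safe_ctxt = { &root };

    printf("without restore: context intact = %d\n", outer_eval(&unsafe_ctxt, 0));
    printf("with restore:    context intact = %d\n", outer_eval(&safe_ctxt, 1));

    /* Only the restored context is safe to read through. */
    printf("restored context node = %s\n", safe_ctxt.node->name);
    return 0;
}
```

Building the file with `cc -fsanitize=address -g` produces a binary that would report any read through the dangling pointer on the unsafe path; the program above deliberately never performs that read, so the check is the return value of `outer_eval`. The wrapper pattern (`saved = ctxt->node; ...; ctxt->node = saved;`) is the shape to look for when auditing code that runs one XPath evaluation inside another.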
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-01-26T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 688d9167ad5a09ad00d109f6
Added to database: 8/2/2025, 4:17:43 AM
Last enriched: 11/4/2025, 12:51:42 AM
Last updated: 12/16/2025, 12:44:38 AM
Related Threats
- CVE-2025-10900: CWE-787 Out-of-Bounds Write in Autodesk Shared Components (High)
- CVE-2025-10899: CWE-787 Out-of-Bounds Write in Autodesk Shared Components (High)
- CVE-2025-10898: CWE-787 Out-of-Bounds Write in Autodesk Shared Components (High)
- CVE-2025-10889: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Autodesk Shared Components (High)
- CVE-2025-9455: CWE-125 Out-of-Bounds Read in Autodesk Shared Components (High)