
CVE-2025-24855: CWE-416 Use After Free in xmlsoft libxslt

Severity: High
Tags: Vulnerability, CVE-2025-24855, CWE-416
Published: Fri Mar 14 2025 (03/14/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: xmlsoft
Product: libxslt

Description

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

AI-Powered Analysis

Last updated: 08/02/2025, 04:32:44 UTC

Technical Analysis

CVE-2025-24855 is a high-severity use-after-free vulnerability (CWE-416) found in the xmlsoft project's libxslt library, specifically in versions prior to 1.1.43. The vulnerability arises in the numbers.c component during nested XPath evaluations, where the XPath context node can be modified but is never restored properly. This flaw affects functions such as xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. The improper handling of the XPath context node leads to a use-after-free condition, which can cause memory corruption. According to the CVSS v3.1 vector (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H), the attack requires local access (AV:L), high attack complexity (AC:H), no privileges (PR:N), and no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability can affect resources beyond the vulnerable component. The impact affects integrity and availability but not confidentiality, potentially allowing an attacker to execute arbitrary code or cause denial of service. No known exploits are currently reported in the wild, and no patches are linked yet, indicating the vulnerability is relatively new. The vulnerability is critical for applications relying on libxslt for XML transformations, especially those processing untrusted XML inputs, as exploitation could lead to system compromise or service disruption.

Potential Impact

For European organizations, the impact of CVE-2025-24855 can be significant, particularly for entities that utilize libxslt in their software stacks, such as web servers, content management systems, or custom XML processing tools. Exploitation could lead to integrity violations by allowing attackers to manipulate or corrupt data processed by XML transformations. Additionally, availability could be compromised through crashes or denial-of-service conditions. Since the attack requires local access and has high complexity, the immediate risk is lower for remote attackers; however, insider threats or attackers who gain initial footholds could leverage this vulnerability to escalate privileges or disrupt services. Industries such as finance, healthcare, and government, which often process XML data and require high data integrity and availability, may face operational risks. The lack of confidentiality impact reduces the risk of data leakage but does not diminish the potential for service disruption or unauthorized code execution. The vulnerability's presence in widely used open-source libraries means that many European organizations could be indirectly affected through third-party software dependencies.

Mitigation Recommendations

European organizations should take proactive steps to mitigate this vulnerability beyond generic patching advice. First, conduct a thorough inventory of all systems and applications using libxslt, including indirect dependencies in software stacks. Since no patch is currently linked, consider applying temporary mitigations such as restricting local access to systems running vulnerable libxslt versions to trusted personnel only. Employ application-level sandboxing or containerization to limit the impact of potential exploitation. Review and harden XML input validation and sanitization processes to minimize the risk of malicious XPath expressions triggering the vulnerability. Monitor system logs and memory usage for unusual behavior indicative of exploitation attempts. Engage with software vendors and open-source communities to track patch releases and apply updates promptly once available. Additionally, implement strict access controls and endpoint detection and response (EDR) solutions to detect and prevent local exploitation attempts. For critical systems, consider disabling or replacing libxslt-dependent functionality temporarily if feasible.
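The inventory step above starts with knowing which libxslt build each host carries. The following script is an added example (not from the advisory or the libxslt project): it compares a version string against the 1.1.43 fix boundary stated in the description and, on a live host, reads the installed version from pkg-config or xslt-config when either is present.

```shell
#!/bin/sh
# Added example: flag libxslt versions before 1.1.43 as affected by CVE-2025-24855.
# Assumes pkg-config (libxslt.pc) or xslt-config is installed on the host.
FIXED_VERSION="1.1.43"

# Compare two dotted version strings field by field; prints -1, 0 or 1.
# Missing trailing fields count as 0; "+ 0" in awk drops suffixes like "43rc1".
version_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# True (exit 0) when the given version is before 1.1.43.
libxslt_affected() {
    [ "$(version_cmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# Read the installed version; fails silently when no libxslt tooling is found.
installed_libxslt_version() {
    if command -v pkg-config >/dev/null 2>&1; then
        pkg-config --modversion libxslt 2>/dev/null && return 0
    fi
    if command -v xslt-config >/dev/null 2>&1; then
        xslt-config --version 2>/dev/null && return 0
    fi
    return 1
}

# One-line verdict for this host: exit 0 affected, 1 fixed, 2 unknown.
report_host() {
    v=$(installed_libxslt_version) || { echo "libxslt: not found"; return 2; }
    if libxslt_affected "$v"; then
        echo "libxslt $v: AFFECTED by CVE-2025-24855 (fixed in $FIXED_VERSION)"
        return 0
    fi
    echo "libxslt $v: not affected (>= $FIXED_VERSION)"
    return 1
}

if [ "${1:-}" = "--check" ]; then report_host; exit $?; fi
```

Run it with `--check` on each host. Distribution packages often backport the fix without changing the upstream version string, so treat an "AFFECTED" verdict as a prompt to confirm against the distributor's changelog rather than as proof.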


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-01-26T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 688d9167ad5a09ad00d109f6

Added to database: 8/2/2025, 4:17:43 AM

Last enriched: 8/2/2025, 4:32:44 AM

Last updated: 8/2/2025, 10:52:35 AM
