CVE-2025-24855 is a use-after-free vulnerability identified in the libxslt library, a widely used XSLT processing library developed by xmlsoft. The vulnerability arises in the numbers.c component prior to version 1.1.43, where nested XPath evaluations improperly manage the XPath context node. Specifically, during nested evaluations, the context node can be modified but is never restored to its original state, leading to a use-after-free condition. This issue is linked to several internal functions including xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. The improper handling of context nodes can cause memory corruption, which attackers might exploit to execute arbitrary code or cause a denial of service by crashing the application. The CVSS v3.1 base score is 7.8, indicating high severity, with an attack vector limited to local access (AV:L), high attack complexity (AC:H), no privileges required (PR:N), and no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability affects components beyond the initially vulnerable component. While no public exploits are currently known, the vulnerability poses a significant risk to applications relying on libxslt for XML transformations, especially those processing untrusted input. The lack of an official patch at the time of publication necessitates immediate attention to mitigation strategies.

The vulnerability could allow attackers with local access to exploit the use-after-free condition to execute arbitrary code or cause denial of service by crashing applications that utilize libxslt for XML processing. This can compromise the integrity and availability of affected systems. Since libxslt is embedded in many software products and services that perform XML transformations, the impact can be widespread, affecting web servers, middleware, and other enterprise applications. Exploitation does not require user interaction or privileges, increasing the risk in multi-user environments or shared hosting. The change in scope indicates that the vulnerability could affect other components or processes beyond libxslt itself, potentially leading to broader system compromise. Organizations relying on libxslt in critical infrastructure, software development, or data processing pipelines may face operational disruptions, data integrity issues, or unauthorized code execution if exploited.

1. Monitor for and apply official patches or updates from the libxslt project as soon as they become available, specifically upgrading to version 1.1.43 or later. 2. Until patches are available, restrict local access to systems running libxslt to trusted users only, minimizing the attack surface. 3. Implement strict input validation and sanitization on all XML inputs processed by libxslt to prevent malicious XPath expressions that could trigger the vulnerability. 4. Employ sandboxing or containerization techniques to isolate processes using libxslt, limiting the impact of potential exploitation. 5. Conduct code audits and static analysis on custom applications integrating libxslt to identify unsafe usage patterns of XPath evaluations. 6. Monitor system logs and application behavior for signs of memory corruption or crashes related to XML processing. 7. Consider disabling or limiting features that perform nested XPath evaluations if feasible within the application context. 8. Educate developers and system administrators about the vulnerability and encourage secure coding practices around XML processing.