CVE-2025-27113 identifies a NULL pointer dereference vulnerability in the xmlPatMatch function of the libxml2 library, specifically in versions prior to 2.12.10 and 2.13.x before 2.13.6. libxml2 is a widely used XML parsing library in numerous applications and systems. The vulnerability arises when the xmlPatMatch function attempts to dereference a NULL pointer due to improper handling of certain XML pattern matching scenarios, leading to a crash of the parsing process. This results in a denial of service condition, as the affected application or service may terminate unexpectedly when processing crafted XML input. The CVSS v3.1 score is 2.9, reflecting low severity due to the requirement for local access, high attack complexity, and no impact on confidentiality or integrity. No authentication or user interaction is needed, but the attacker must have local access to the system. There are no known exploits in the wild, and no official patches have been linked yet, although upgrading to libxml2 versions 2.12.10 or 2.13.6 is recommended once available. The vulnerability is categorized under CWE-476 (NULL Pointer Dereference), a common programming error that can cause application instability. Given libxml2's extensive use in open-source and commercial software, any application relying on vulnerable versions could be susceptible to crashes triggered by malicious XML inputs.

For European organizations, the primary impact of CVE-2025-27113 is the potential for denial of service in applications and services that utilize vulnerable libxml2 versions for XML parsing. This could disrupt business operations, especially in environments where XML processing is critical, such as financial services, telecommunications, and government IT systems. While the vulnerability does not allow data theft or code execution, service interruptions could affect availability and reliability of critical systems. Organizations running legacy software or custom applications embedding libxml2 are at higher risk. The low severity and high attack complexity reduce the likelihood of widespread exploitation, but targeted attacks or accidental crashes could still cause operational issues. European entities with stringent uptime requirements or regulatory obligations around service availability should prioritize remediation to avoid compliance risks and reputational damage.

1. Upgrade libxml2 to version 2.12.10 or 2.13.6 as soon as these versions are available and verified stable. 2. Conduct an inventory of all software and systems using libxml2 to identify vulnerable versions. 3. Where immediate upgrade is not feasible, implement application-level input validation and filtering to detect and block malformed or suspicious XML inputs that could trigger the NULL pointer dereference. 4. Employ runtime monitoring and logging to detect crashes or abnormal terminations related to XML parsing components. 5. Isolate critical XML processing services to minimize impact of potential crashes on broader infrastructure. 6. Engage with software vendors and open-source communities to track patch releases and security advisories related to libxml2. 7. Incorporate this vulnerability into incident response plans to quickly address denial of service events stemming from XML parsing failures.