CVE-2025-49795: Expired Pointer Dereference in Red Hat Enterprise Linux 10
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
AI Analysis
Technical Summary
CVE-2025-49795 is a high-severity vulnerability identified in the libxml2 library used by Red Hat Enterprise Linux 10. The flaw is a NULL pointer dereference occurring during the processing of XPath XML expressions. Specifically, when libxml2 parses crafted malicious XML input containing XPath expressions, it can trigger an expired pointer dereference, causing the application or system process using libxml2 to crash. This results in a denial of service (DoS) condition. The vulnerability does not allow for code execution or data leakage but disrupts availability by crashing affected services. Exploitation requires no privileges or user interaction and can be performed remotely by sending malicious XML data to a service that parses XML with libxml2. The CVSS 3.1 score is 7.5, reflecting the network attack vector, low attack complexity, no privileges required, and no user interaction needed, with impact limited to availability. No known exploits are currently reported in the wild, and no patches or fixes have been linked yet. Given libxml2's widespread use in XML parsing across many applications and services on Red Hat Enterprise Linux 10, this vulnerability could affect various server and client applications that process XML data, especially those exposed to untrusted input.
Potential Impact
For European organizations, the primary impact is service disruption due to denial of service attacks targeting systems running Red Hat Enterprise Linux 10 with vulnerable libxml2 versions. Critical infrastructure, financial institutions, government agencies, and enterprises relying on XML-based communication or data exchange could experience outages or degraded service availability. This could interrupt business operations, cause loss of productivity, and potentially impact dependent services or customers. Since the vulnerability does not allow data compromise or privilege escalation, confidentiality and integrity risks are minimal. However, availability disruptions in sectors such as finance, healthcare, and public services could have significant operational and reputational consequences. Organizations with internet-facing services parsing XML are at higher risk, especially if they do not have robust input validation or filtering mechanisms. The lack of known exploits in the wild currently reduces immediate risk but should not lead to complacency, as attackers may develop exploits given the low complexity and no authentication requirements.
Mitigation Recommendations
European organizations should prioritize updating libxml2 to a patched version once available from Red Hat or their Linux distribution maintainers. In the interim, they should implement strict input validation and filtering to block or sanitize untrusted XML inputs, particularly XPath expressions. Network-level protections such as web application firewalls (WAFs) can be configured to detect and block suspicious XML payloads. Monitoring and alerting on application crashes or service restarts related to XML processing can help detect exploitation attempts early. Segmentation of critical systems and limiting exposure of XML-processing services to untrusted networks will reduce attack surface. Organizations should also review and harden XML parsing configurations to disable unnecessary XPath processing if feasible. Finally, maintaining up-to-date backups and incident response plans will help mitigate the impact of potential denial of service incidents.
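The crash monitoring recommended above can start from kernel segfault messages that name libxml2 as the faulting object. The following Python sketch is an added example, not part of the original advisory: the log lines are constructed, the file name `libxml2.so.2.X.Y` is a placeholder, and the 64 KiB near-NULL limit and the alert threshold are assumptions.

```python
import re
from collections import Counter

# Linux x86 kernel segfault message:
#   <comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> in <object>[...]
SEGV = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip [0-9a-f]+ sp [0-9a-f]+ error \d+ in (?P<obj>[^\[\s]+)\["
)
NULL_PAGE_LIMIT = 0x10000  # assumption: fault addresses below 64 KiB are NULL-based
ALERT_THRESHOLD = 2        # assumption: repeated crashes of one service raise an alert

def libxml2_crashes(lines):
    """Return one record per segfault whose faulting object is libxml2."""
    hits = []
    for line in lines:
        m = SEGV.search(line)
        if not m or not m["obj"].startswith("libxml2.so"):
            continue
        addr = int(m["addr"], 16)
        hits.append({
            "comm": m["comm"],
            "pid": int(m["pid"]),
            "addr": addr,
            "null_deref": addr < NULL_PAGE_LIMIT,
        })
    return hits

def services_to_alert(hits, threshold=ALERT_THRESHOLD):
    """Names of processes with repeated near-NULL crashes inside libxml2."""
    counts = Counter(h["comm"] for h in hits if h["null_deref"])
    return sorted(name for name, n in counts.items() if n >= threshold)

# Constructed sample input (hypothetical host, services and addresses).
SAMPLE_LOG = [
    "Jun 16 15:02:11 host1 kernel: xmlsvc[4312]: segfault at 0 ip 00007f3a1c2b4e10 "
    "sp 00007ffd5e3a1b20 error 4 in libxml2.so.2.X.Y[7f3a1c200000+15a000]",
    "Jun 16 15:02:12 host1 systemd[1]: xmlsvc.service: Main process exited, code=dumped",
    "Jun 16 15:02:14 host1 kernel: xmlsvc[4390]: segfault at 18 ip 00007f3a1c2b4e10 "
    "sp 00007ffc11a2c0d0 error 4 in libxml2.so.2.X.Y[7f3a1c200000+15a000]",
    "Jun 16 15:03:40 host1 kernel: imgconv[5101]: segfault at 7f11deadb000 ip "
    "00007f11de8a1c44 sp 00007ffe0b1d2a90 error 6 in libpng16.so.16[7f11de880000+3a000]",
    "Jun 16 15:04:02 host1 kernel: feedd[5220]: segfault at 7f3a1c9ff008 ip "
    "00007f3a1c2b5f02 sp 00007ffd0a0b1c30 error 4 in libxml2.so.2.X.Y[7f3a1c200000+15a000]",
]

if __name__ == "__main__":
    crashes = libxml2_crashes(SAMPLE_LOG)
    print(crashes)
    print("alert:", services_to_alert(crashes))
```

A crash inside libxml2 is a signal to triage, not proof of this CVE; correlate it with the XML input the service received at that time.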
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2025-06-10T22:17:05.286Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68503980a8c9212743844972
Added to database: 6/16/2025, 3:34:24 PM
Last enriched: 7/25/2025, 12:43:02 AM
Last updated: 8/18/2025, 1:22:23 AM