CVE-2025-49796: Out-of-bounds Read
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
AI Analysis
Technical Summary
CVE-2025-49796 is a type confusion vulnerability in the libxml2 library that can be triggered by processing specially crafted sch:name elements in XML input. This flaw leads to a denial of service condition by causing libxml2 to crash or exhibit undefined behavior due to memory corruption. The vulnerability affects Red Hat Enterprise Linux versions 8 and 10 across multiple architectures. Red Hat has issued security advisories RHSA-2025:10630 and RHSA-2025:10698 that include updated libxml2 packages addressing this and related vulnerabilities. The CVSS v3.1 base score is 9.1, reflecting critical severity with network attack vector, no privileges or user interaction required, and high impact on integrity and availability. No known exploits in the wild have been reported at this time.
Potential Impact
Successful exploitation of CVE-2025-49796 can cause libxml2 to crash, resulting in denial of service or potential memory corruption leading to undefined behavior. The vulnerability does not directly compromise confidentiality but can severely impact system integrity and availability. The CVSS score of 9.1 indicates critical severity. No known active exploitation has been reported. The impact is limited to systems using vulnerable versions of libxml2 on Red Hat Enterprise Linux 8 and 10.
Mitigation Recommendations
Red Hat has released official security updates for libxml2 that address CVE-2025-49796 along with related vulnerabilities. Users of Red Hat Enterprise Linux 8 and 10 should apply the updated libxml2 packages as detailed in Red Hat advisories RHSA-2025:10630 and RHSA-2025:10698. For update instructions, refer to https://access.redhat.com/articles/11258. Applying these updates mitigates the vulnerability. No additional mitigation is required beyond applying the official patches.
CVE-2025-49796: Out-of-bounds Read
Description
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-49796 is a type confusion vulnerability in the libxml2 library that can be triggered by processing specially crafted sch:name elements in XML input. This flaw leads to a denial of service condition by causing libxml2 to crash or exhibit undefined behavior due to memory corruption. The vulnerability affects Red Hat Enterprise Linux versions 8 and 10 across multiple architectures. Red Hat has issued security advisories RHSA-2025:10630 and RHSA-2025:10698 that include updated libxml2 packages addressing this and related vulnerabilities. The CVSS v3.1 base score is 9.1, reflecting critical severity with network attack vector, no privileges or user interaction required, and high impact on integrity and availability. No known exploits in the wild have been reported at this time.
Potential Impact
Successful exploitation of CVE-2025-49796 can cause libxml2 to crash, resulting in denial of service or potential memory corruption leading to undefined behavior. The vulnerability does not directly compromise confidentiality but can severely impact system integrity and availability. The CVSS score of 9.1 indicates critical severity. No known active exploitation has been reported. The impact is limited to systems using vulnerable versions of libxml2 on Red Hat Enterprise Linux 8 and 10.
Mitigation Recommendations
Red Hat has released official security updates for libxml2 that address CVE-2025-49796 along with related vulnerabilities. Users of Red Hat Enterprise Linux 8 and 10 should apply the updated libxml2 packages as detailed in Red Hat advisories RHSA-2025:10630 and RHSA-2025:10698. For update instructions, refer to https://access.redhat.com/articles/11258. Applying these updates mitigates the vulnerability. No additional mitigation is required beyond applying the official patches.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-06-10T22:17:05.287Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68503981a8c9212743844976
Added to database: 6/16/2025, 3:34:25 PM
Last enriched: 4/22/2026, 6:18:42 AM
Last updated: 5/9/2026, 2:40:49 AM
Views: 192
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.