The vulnerability CVE-2025-6021 affects the libxml2 library's xmlBuildQName function, where integer overflow during buffer size calculation can lead to a stack buffer overflow. This flaw can cause memory corruption or denial of service when processing crafted XML input. Red Hat has classified this issue as important and released security updates for Red Hat Enterprise Linux versions 8 and 10. The CVSS v3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating network exploitable with low attack complexity, no privileges or user interaction required, and impact on availability only. The vendor advisory confirms the availability of patches and provides detailed instructions for remediation.

Successful exploitation of this vulnerability can cause denial of service due to a stack-based buffer overflow triggered by integer overflow in libxml2's xmlBuildQName function. There is no direct impact on confidentiality or integrity reported. The vulnerability affects availability of systems processing malicious XML input using libxml2. No known exploits in the wild have been reported at this time.

Red Hat has released official security updates for libxml2 addressing CVE-2025-6021 for Red Hat Enterprise Linux 8 and 10. Users should apply these updates promptly following Red Hat's guidance at https://access.redhat.com/articles/11258. The vendor advisory classifies this update as important and provides updated packages for multiple architectures. Applying the official patches fully mitigates the vulnerability. No additional mitigation steps are required beyond applying the vendor-provided fixes.