CVE-2025-7425: Use After Free in GNOME libxml2
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
AI Analysis
Technical Summary
This vulnerability in libxslt, part of the libxml2 library, arises from a use-after-free condition caused by corruption of the attribute type (atype) in xmlAttrPtr structures. When XSLT functions such as key() produce tree fragments, this corruption prevents proper cleanup of ID attributes, leading to access of freed memory. This can result in application crashes or heap corruption. The issue has been assigned CVSS 3.1 score 7.8 (high severity) with attack vector local, high attack complexity, no privileges required, no user interaction, and scope changed. Red Hat has issued security advisories and patches for affected Red Hat Enterprise Linux 9 and 10 versions.
Potential Impact
Successful exploitation can cause heap corruption or crashes in applications using the vulnerable libxml2/libxslt libraries. This may lead to denial of service or potentially enable further exploitation due to memory corruption. The CVSS score of 7.8 indicates a high impact on integrity and availability. There are no confirmed reports of exploitation in the wild.
Mitigation Recommendations
Official patches are available from Red Hat for Red Hat Enterprise Linux 9 and 10. Users should apply the updated libxml2 and libxslt packages as provided in Red Hat advisories RHSA-2025:12447 and RHBA-2025:12345. Detailed update instructions are available at https://access.redhat.com/articles/11258. Applying these updates will remediate the vulnerability. No additional mitigation steps are indicated by the vendor advisory.
CVE-2025-7425: Use After Free in GNOME libxml2
Description
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in libxslt, part of the libxml2 library, arises from a use-after-free condition caused by corruption of the attribute type (atype) in xmlAttrPtr structures. When XSLT functions such as key() produce tree fragments, this corruption prevents proper cleanup of ID attributes, leading to access of freed memory. This can result in application crashes or heap corruption. The issue has been assigned CVSS 3.1 score 7.8 (high severity) with attack vector local, high attack complexity, no privileges required, no user interaction, and scope changed. Red Hat has issued security advisories and patches for affected Red Hat Enterprise Linux 9 and 10 versions.
Potential Impact
Successful exploitation can cause heap corruption or crashes in applications using the vulnerable libxml2/libxslt libraries. This may lead to denial of service or potentially enable further exploitation due to memory corruption. The CVSS score of 7.8 indicates a high impact on integrity and availability. There are no confirmed reports of exploitation in the wild.
Mitigation Recommendations
Official patches are available from Red Hat for Red Hat Enterprise Linux 9 and 10. Users should apply the updated libxml2 and libxslt packages as provided in Red Hat advisories RHSA-2025:12447 and RHBA-2025:12345. Detailed update instructions are available at https://access.redhat.com/articles/11258. Applying these updates will remediate the vulnerability. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-07-10T08:44:06.287Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHBA-2025:12345","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:12447","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:12450","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:13267","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:13308","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:13309","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:13310","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:13311","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:13312","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:13313","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:13314","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:13335","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:13464","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:13622","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:14059","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:14396","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:14818","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:14819","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:14853","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:14858","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:15308","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:15672","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:15827","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:15828","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:18219","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:21885","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:21913","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:0934","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2025-7425","vendor":"Red Hat"}]
Threat ID: 686fc7a4a83201eaaca7ffbb
Added to database: 7/10/2025, 2:01:08 PM
Last enriched: 5/2/2026, 2:00:27 AM
Last updated: 5/8/2026, 11:43:42 AM
Views: 601
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.