Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2025-7425

Published: July 11, 2025Last modified: July 29, 2025

Description

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Severity score breakdown

ParameterValue
Base score7.8
Attack VectorLOCAL
Attack complexityHIGH
Privileges requiredNONE
User interactionNONE
ScopeCHANGED
ConfidentialityNONE
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Notes

https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 file gnome-libxslt-bug-140-apple-fix.diff The patch breaks libxml2 ABI

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlibxsltVulnerable (1.1.37-r0)
StreamlibxsltVulnerable (1.1.37-r0)
Hardened Containers23 LTSlibxsltVulnerable (1.1.37-r0)
StreamlibxsltVulnerable (1.1.37-r0)

References

ON THIS PAGE