CVE-2025-7425
Published: July 11, 2025Last modified: November 21, 2025
Description
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | NONE |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H |
Notes
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 file gnome-libxslt-bug-140-apple-fix.diff The patch breaks libxml2 ABI
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | libxslt | Vulnerable (1.1.37-r0) |
| Stream | libxslt | Vulnerable (1.1.37-r0) | |
| Liberica JDK | 8 | jdk-full | Fixed (8u472+11) |
| jre-full | Fixed (8u472+11) | ||
| 11 | jdk-full | Fixed (11.0.29+12) | |
| jre-full | Fixed (11.0.29+12) | ||
| 17 | jdk-full | Fixed (17.0.17+15) | |
| jre-full | Fixed (17.0.17+15) | ||
| 21 | jdk-full | Fixed (21.0.9+15) | |
| jre-full | Fixed (21.0.9+15) | ||
| 25 | jdk-full | Fixed (25.0.1+13) | |
| jre-full | Fixed (25.0.1+13) |
References
- http://seclists.org/fulldisclosure/2025/Aug/0
- http://seclists.org/fulldisclosure/2025/Jul/30
- http://seclists.org/fulldisclosure/2025/Jul/32
- http://seclists.org/fulldisclosure/2025/Jul/35
- http://seclists.org/fulldisclosure/2025/Jul/37
- http://www.openwall.com/lists/oss-security/2025/07/11/2
- https://access.redhat.com/errata/RHSA-2025:12447
- https://access.redhat.com/errata/RHSA-2025:12450
- https://access.redhat.com/errata/RHSA-2025:13267
- https://access.redhat.com/errata/RHSA-2025:13308
- https://access.redhat.com/errata/RHSA-2025:13309
- https://access.redhat.com/errata/RHSA-2025:13310
- https://access.redhat.com/errata/RHSA-2025:13311
- https://access.redhat.com/errata/RHSA-2025:13312
- https://access.redhat.com/errata/RHSA-2025:13313
- https://access.redhat.com/errata/RHSA-2025:13314
- https://access.redhat.com/errata/RHSA-2025:13335
- https://access.redhat.com/errata/RHSA-2025:13464
- https://access.redhat.com/errata/RHSA-2025:13622
- https://access.redhat.com/errata/RHSA-2025:14059
- https://access.redhat.com/errata/RHSA-2025:14396
- https://access.redhat.com/errata/RHSA-2025:14818
- https://access.redhat.com/errata/RHSA-2025:14819
- https://access.redhat.com/errata/RHSA-2025:14853
- https://access.redhat.com/errata/RHSA-2025:14858
- https://access.redhat.com/errata/RHSA-2025:15308
- https://access.redhat.com/errata/RHSA-2025:15672
- https://access.redhat.com/errata/RHSA-2025:15827
- https://access.redhat.com/errata/RHSA-2025:15828
- https://access.redhat.com/errata/RHSA-2025:18219
- https://access.redhat.com/errata/RHSA-2025:21885
- https://access.redhat.com/errata/RHSA-2025:21913
- https://access.redhat.com/security/cve/CVE-2025-7425
- https://bugzilla.redhat.com/show_bug.cgi?id=2379274
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
- https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html