CVE-2025-7424

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-7424
https://bugzilla.redhat.com/show_bug.cgi?id=2379228

Configurations

No configuration.

History

15 Jul 2025, 13:24

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en la librería libxslt. El mismo campo de memoria, psvi, se utiliza tanto para la hoja de estilo como para los datos de entrada, lo que puede provocar confusión de tipos durante las transformaciones XML. Esta vulnerabilidad permite a un atacante bloquear la aplicación o corromper la memoria. En algunos casos, puede provocar una denegación de servicio o un comportamiento inesperado.

10 Jul 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 14:15

Updated : 2025-07-15 13:24

NVD link : CVE-2025-7424

Mitre link : CVE-2025-7424

CVE.ORG link : CVE-2025-7424

JSON object : View

Products Affected

No product.

CWE

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

7.8 /10