CVE-2025-49794 Information
Jun 17, 2025
Description
A use-after-free vulnerability was found in libxml2. The issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path=.../> schema elements. An attacker can craft a malicious XML document that, when used as input to libxml, causes the program using libxml to crash or exhibit other undefined behavior.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Reference
https://access.redhat.com/security/cve/CVE-2025-49794
https://bugzilla.redhat.com/show_bug.cgi?id=2372373
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
9.1
Base Severity
HIGH
Related CNNVD
CNNVD-202506-1904 (Published: 2025-06-16)