CVE-2025-7425 Information

Description

A flaw was found in libxslt where the attribute type (atype) flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Reference

https://access.redhat.com/security/cve/CVE-2025-7425
https://bugzilla.redhat.com/show_bug.cgi?id=2379274
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

CNNVD-202507-1491 (Published: 2025-07-10)
