CVE-2025-49796
CriticalCVSS 9.1Exploitation Probability (EPSS)
Elevated risk70th percentile - higher than 70% of all known CVEs
Summary
A vulnerability was found in libxml2 where processing certain sch:name elements from an input XML file can trigger memory corruption. An attacker can craft a malicious XML file causing libxml to crash, leading to denial of service or other undefined behavior due to sensitive data being corrupted in memory.
Risk Assessment
The risk for the organization includes potential denial of service (DoS) in systems using libxml2 for XML processing, as well as possible leakage or corruption of sensitive data in memory.
Recommendation
It is recommended to immediately update libxml2 to the latest patched version. Additionally, restrict processing of untrusted XML files until the update is applied.
Original NVD description (English source)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

