CVE Catalog

CVE-2025-49796

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.44%

70th percentile - higher than 70% of all known CVEs

Summary

A vulnerability was found in libxml2 where processing certain sch:name elements from an input XML file can trigger memory corruption. An attacker can craft a malicious XML file causing libxml to crash, leading to denial of service or other undefined behavior due to sensitive data being corrupted in memory.

Risk Assessment

The risk for the organization includes potential denial of service (DoS) in systems using libxml2 for XML processing, as well as possible leakage or corruption of sensitive data in memory.

Recommendation

It is recommended to immediately update libxml2 to the latest patched version. Additionally, restrict processing of untrusted XML files until the update is applied.

Original NVD description (English source)

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS