CVE-2025-7425

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-7425

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-7425.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-7425

Aliases

Downstream

BELL-CVE-2025-7425

DEBIAN-CVE-2025-7425

DSA-5990-1

ECHO-511d-3254-a5d5

RHSA-2025:12447

RHSA-2025:12450

RHSA-2025:13308

RHSA-2025:13309

RHSA-2025:13310

RHSA-2025:13311

RHSA-2025:13312

RHSA-2025:13313

RHSA-2025:13314

RHSA-2025:13464

RLSA-2025:12447

SUSE-SU-2025:02547-1

SUSE-SU-2025:02617-1

SUSE-SU-2025:02620-1

SUSE-SU-2025:02621-1

SUSE-SU-2025:02758-1

UBUNTU-CVE-2025-7425

USN-7852-1

USN-7852-2

USN-7896-1

Related

Published

2025-07-10T14:15:27Z

Modified

2026-01-14T18:57:46.673245Z

Summary

[none]

Details

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

References

Affected packages