CVE-2025-7425

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-7425

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-7425.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-7425

Aliases

ECHO-511d-3254-a5d5

Downstream

AZL-65409

AZL-73183

AZL-75182

BELL-CVE-2025-7425

DEBIAN-CVE-2025-7425

DSA-5990-1

ECHO-511d-3254-a5d5

MGASA-2025-0269

RHBA-2025:12345

RHSA-2025:12447

RHSA-2025:12450

RHSA-2025:13308

RHSA-2025:13309

RHSA-2025:13310

RHSA-2025:13311

RHSA-2025:13312

RHSA-2025:13313

RHSA-2025:13314

RHSA-2025:13464

RLSA-2025:12447

ROOT-OS-DEBIAN-11-CVE-2025-7425

ROOT-OS-DEBIAN-12-CVE-2025-7425

ROOT-OS-DEBIAN-13-CVE-2025-7425

ROOT-OS-UBUNTU-2404-CVE-2025-7425

SUSE-SU-2025:02547-1

SUSE-SU-2025:02617-1

SUSE-SU-2025:02620-1

SUSE-SU-2025:02621-1

SUSE-SU-2025:02758-1

SUSE-SU-2025:20564-1

SUSE-SU-2025:20607-1

UBUNTU-CVE-2025-7425

USN-7852-1

USN-7852-2

USN-7896-1

openSUSE-SU-2025:15363-1

Related

Published

2025-07-10T14:15:27.877Z

Modified

2026-04-16T00:02:38.857960193Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-7425.json"