CVE-2025-49795
BaseFortify
Publication date: 2025-06-16
Last updated on: 2026-04-19
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-825 | The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in the libxml2 library that occurs when processing malformed or incorrect XPath expressions, specifically in the xmlSchematronFormatReport function. An attacker can craft malicious XML input that triggers this flaw, causing the application using libxml2 to crash or become unavailable, resulting in a denial of service (DoS). [1]
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service (DoS), where applications or systems using libxml2 can crash or become unresponsive when processing specially crafted malicious XML inputs. This can lead to service interruptions and potential downtime for affected systems. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that libxml2 is updated to a version where proper input validation or error handling in the xmlSchematronFormatReport function is implemented to prevent null pointer dereference. Avoid processing untrusted or malformed XPath expressions in Schematron schema reports until a patch or update is applied. [1]