CVE-2025-7424
BaseFortify
Publication date: 2025-07-10
Last updated on: 2026-04-27
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| xmlsoft | libxslt | * |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-843 | The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the libxslt library where the same memory field, called psvi, is used for both stylesheet and input data. This causes type confusion during XML transformations, which can allow an attacker to crash the application or corrupt memory, potentially leading to denial of service or unexpected behavior.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an attacker to crash your application or corrupt its memory during XML transformations. This can result in denial of service or cause your application to behave unexpectedly, which may disrupt normal operations.