CVE-2025-49794

UNKNOWN

Published 2025-06-16T15:24:31.020Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-49794. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

9.1

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.001

probability

of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.214

Higher than 21.4% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Description

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Red Hat

Red Hat Enterprise Linux 10

Affected Versions:

0:2.12.5-7.el10_0

Red Hat

Red Hat Enterprise Linux 7 Extended Lifecycle Support

Affected Versions:

0:2.9.1-6.el7_9.10

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:2.9.7-21.el8_10.1

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:2.9.7-21.el8_10.1

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Affected Versions:

0:2.9.7-9.el8_4.6

Red Hat

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Affected Versions:

0:2.9.7-9.el8_4.6

Red Hat

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Affected Versions:

0:2.9.7-13.el8_6.10

Red Hat

Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Affected Versions:

0:2.9.7-13.el8_6.10

Red Hat

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Affected Versions:

0:2.9.7-13.el8_6.10

Red Hat

Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Affected Versions:

0:2.9.7-16.el8_8.9

Red Hat

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Affected Versions:

0:2.9.7-16.el8_8.9

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:2.9.13-10.el9_6

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:2.9.13-10.el9_6

Red Hat

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Affected Versions:

0:2.9.13-1.el9_0.5

Red Hat

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Affected Versions:

0:2.9.13-3.el9_2.7

Red Hat

Red Hat Enterprise Linux 9.4 Extended Update Support

Affected Versions:

0:2.9.13-10.el9_4

Red Hat

Red Hat Enterprise Linux 6

Red Hat

Red Hat JBoss Core Services

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Affected Products (ENISA)

red hat

red hat enterprise linux 8.4 extended update support long-life add-on

ENISA Scoring

CVSS Score (3.1)

9.1

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Score

0.200

probability

ENISA References

https://access.redhat.com/security/cve/CVE-2025-49794

https://bugzilla.redhat.com/show_bug.cgi?id=2372373

https://nvd.nist.gov/vuln/detail/CVE-2025-49794

https://access.redhat.com/errata/RHSA-2025:10630

https://access.redhat.com/errata/RHSA-2025:10698

https://access.redhat.com/errata/RHSA-2025:10699

https://access.redhat.com/errata/RHSA-2025:11580

https://access.redhat.com/errata/RHSA-2025:12098

https://access.redhat.com/errata/RHSA-2025:12099

https://access.redhat.com/errata/RHSA-2025:12199

https://access.redhat.com/errata/RHSA-2025:12239

https://access.redhat.com/errata/RHSA-2025:12240

https://access.redhat.com/errata/RHSA-2025:12241

https://access.redhat.com/errata/RHSA-2025:12237

https://access.redhat.com/errata/RHSA-2025:13335

Data provided by ENISA EU Vulnerability Database. Last updated: September 2, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-qg4c-8pj4-qgw2

Advisory Details

CVSS Scoring

CVSS Score

9.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-49794

WEB https://access.redhat.com/errata/RHSA-2025:10630

WEB https://access.redhat.com/errata/RHSA-2025:10698

WEB https://access.redhat.com/errata/RHSA-2025:10699

WEB https://access.redhat.com/errata/RHSA-2025:11580

WEB https://access.redhat.com/errata/RHSA-2025:12098

WEB https://access.redhat.com/errata/RHSA-2025:12099

WEB https://access.redhat.com/errata/RHSA-2025:12199

WEB https://access.redhat.com/errata/RHSA-2025:12237

WEB https://access.redhat.com/errata/RHSA-2025:12239

WEB https://access.redhat.com/errata/RHSA-2025:12240

WEB https://access.redhat.com/errata/RHSA-2025:12241

WEB https://access.redhat.com/errata/RHSA-2025:13335

WEB https://access.redhat.com/security/cve/CVE-2025-49794

WEB https://bugzilla.redhat.com/show_bug.cgi?id=2372373

Advisory provided by GitHub Security Advisory Database. Published: June 16, 2025, Modified: August 7, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

3 posts

Reddit • 4 days, 19 hours ago

BBQKITTY

SteamOS 3.7.15 Beta Released With Multi-Language Support For Screen Reader, Improved Battery Charge Estimation, And More Fixes - SteamDeckHQ As the title says, the [new SteamOS beta was just released](https://steamdeckhq.com/steamos-3-7-15-beta-released/), and it features multi-language support for the screen reader, improved battery charge time estimates, and a ton of fixes for …

Also mentions: CVE-2025-55188 CVE-2025-49014 CVE-2025-6395 CVE-2025-32989 CVE-2025-32988 CVE-2025-7425 CVE-2025-32990 CVE-2025-49795 CVE-2025-6170 CVE-2025-49796 CVE-2025-6021 CVE-2025-48060 CVE-2024-23337 CVE-2024-53427

168

238.0

View Original

Reddit • 4 days, 20 hours ago

Itchy-Assumption3803

SteamOS 3.7.15 Beta: The Sound of Silence \#updates #steamdeck #steam #news Note: This update is for the Steam Deck Beta and Preview channels, and includes new features that are still being tested. You can opt into this in Settings > System > System Update Channel. **General** - Fixed power and …

1.0

View Original

Reddit • 6 days, 7 hours ago

michaelpaoli

Debian 13.1 (and 12.12) 2025-09-06 "Just" a "minor" point release. But for those that have been waiting to upgrade to Debian 13, perhaps that time now draws nearer? [\[SUA 273-1\] Upcoming Debian 13 Update (13.1)](https://lists.debian.org/debian-stable-announce/2025/09/msg00000.html) [\[SUA 274-1\] Upcoming Debian 12 Update (12.12)](https://lists.debian.org/debian-stable-announce/2025/09/msg00001.html) 13.1: >\[SUA 273-1\] Upcoming Debian 13 Update (13.1) …