Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-7425

UNKNOWN
Published 2025-07-10T13:53:37.295Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-7425. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.8
/10
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED

Impact Metrics

Confidentiality
NONE
Integrity
HIGH
Availability
HIGH

Description

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:2.9.7-21.el8_10.2
Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:2.9.7-21.el8_10.2
Red Hat

Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Affected Versions:

0:2.9.7-16.el8_8.10
Red Hat

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Affected Versions:

0:2.9.7-16.el8_8.10
Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:2.9.13-11.el9_6
Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:2.9.13-11.el9_6
Red Hat

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Affected Versions:

0:2.9.13-3.el9_2.8
Red Hat

Red Hat Discovery 2

Affected Versions:

sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344
Red Hat

Red Hat Enterprise Linux 10

Red Hat

Red Hat Enterprise Linux 6

Red Hat

Red Hat Enterprise Linux 7

Red Hat

Red Hat OpenShift Container Platform 4

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Affected Products (ENISA)

red hat
red hat openshift distributed tracing 3.5.2

ENISA Scoring

CVSS Score (3.1)

7.8
/10
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

EPSS Score

0.020
probability

ENISA References

https://access.redhat.com/security/cve/CVE-2025-7425
https://bugzilla.redhat.com/show_bug.cgi?id=2379274
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://access.redhat.com/errata/RHSA-2025:12447
https://access.redhat.com/errata/RHSA-2025:12450
https://access.redhat.com/errata/RHSA-2025:13267
https://access.redhat.com/errata/RHSA-2025:13313
https://access.redhat.com/errata/RHSA-2025:13314
https://access.redhat.com/errata/RHSA-2025:13308
https://access.redhat.com/errata/RHSA-2025:13309
https://access.redhat.com/errata/RHSA-2025:13310
https://access.redhat.com/errata/RHSA-2025:13311
https://access.redhat.com/errata/RHSA-2025:13312
https://access.redhat.com/errata/RHSA-2025:13335
https://access.redhat.com/errata/RHSA-2025:13464
https://access.redhat.com/errata/RHSA-2025:13622
https://access.redhat.com/errata/RHSA-2025:14059
https://access.redhat.com/errata/RHSA-2025:14396
https://access.redhat.com/errata/RHSA-2025:14818
https://access.redhat.com/errata/RHSA-2025:14819
https://access.redhat.com/errata/RHSA-2025:14853
https://access.redhat.com/errata/RHSA-2025:14858

Data provided by ENISA EU Vulnerability Database. Last updated: September 4, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-8c4w-j52q-j4jq

Advisory Details

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-7425
WEB https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2379274
WEB https://access.redhat.com/security/cve/CVE-2025-7425
WEB https://access.redhat.com/errata/RHSA-2025:14858
WEB https://access.redhat.com/errata/RHSA-2025:14853
WEB https://access.redhat.com/errata/RHSA-2025:14819
WEB https://access.redhat.com/errata/RHSA-2025:14818
WEB https://access.redhat.com/errata/RHSA-2025:14396
WEB https://access.redhat.com/errata/RHSA-2025:14059
WEB https://access.redhat.com/errata/RHSA-2025:13622
WEB https://access.redhat.com/errata/RHSA-2025:13464
WEB https://access.redhat.com/errata/RHSA-2025:13335
WEB https://access.redhat.com/errata/RHSA-2025:13314
WEB https://access.redhat.com/errata/RHSA-2025:13313
WEB https://access.redhat.com/errata/RHSA-2025:13312
WEB https://access.redhat.com/errata/RHSA-2025:13311
WEB https://access.redhat.com/errata/RHSA-2025:13310
WEB https://access.redhat.com/errata/RHSA-2025:13309
WEB https://access.redhat.com/errata/RHSA-2025:13308
WEB https://access.redhat.com/errata/RHSA-2025:13267
WEB https://access.redhat.com/errata/RHSA-2025:12450
WEB https://access.redhat.com/errata/RHSA-2025:12447

Advisory provided by GitHub Security Advisory Database. Published: July 10, 2025, Modified: September 4, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

2 posts
Reddit 5 days, 9 hours ago
BBQKITTY

SteamOS 3.7.15 Beta Released With Multi-Language Support For Screen Reader, Improved Battery Charge Estimation, And More Fixes - SteamDeckHQ As the title says, the [new SteamOS beta was just released](https://steamdeckhq.com/steamos-3-7-15-beta-released/), and it features multi-language support for the screen reader, improved battery charge time estimates, and a ton of fixes for …

Also mentions: CVE-2025-55188 CVE-2025-49014 CVE-2025-6395 CVE-2025-32989 CVE-2025-32988 CVE-2025-32990 CVE-2025-49795 CVE-2025-6170 CVE-2025-49794 CVE-2025-49796 CVE-2025-6021 CVE-2025-48060 CVE-2024-23337 CVE-2024-53427
168
35
238.0
View Original
Reddit 5 days, 9 hours ago
Itchy-Assumption3803

SteamOS 3.7.15 Beta: The Sound of Silence \#updates #steamdeck #steam #news Note: This update is for the Steam Deck Beta and Preview channels, and includes new features that are still being tested. You can opt into this in Settings > System > System Update Channel. **General** - Fixed power and …

Also mentions: CVE-2025-55188 CVE-2025-49014 CVE-2025-6395 CVE-2025-32989 CVE-2025-32988 CVE-2025-32990 CVE-2025-49795 CVE-2025-6170 CVE-2025-49794 CVE-2025-49796 CVE-2025-6021 CVE-2025-48060 CVE-2024-23337 CVE-2024-53427
1
1.0
View Original

References

https://access.redhat.com/errata/RHSA-2025:12447
https://access.redhat.com/errata/RHSA-2025:12450
https://access.redhat.com/errata/RHSA-2025:13267
https://access.redhat.com/errata/RHSA-2025:13313
https://access.redhat.com/errata/RHSA-2025:13314
https://access.redhat.com/security/cve/CVE-2025-7425
https://bugzilla.redhat.com/show_bug.cgi?id=2379274
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
Published: 2025-07-10T13:53:37.295Z
Last Modified: 2025-08-07T05:31:38.429Z
Copied to clipboard!