{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-04T20:39:27.961","vulnerabilities":[{"cve":{"id":"CVE-2025-7425","sourceIdentifier":"secalert@redhat.com","published":"2025-07-10T14:15:27.877","lastModified":"2026-05-12T13:17:28.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption."},{"lang":"es","value":"Se encontró una falla en libxslt donde los atributos type, atype y flags se modifican de forma que corrompe la gestión de memoria interna. Cuando las funciones XSLT, como el proceso key(), generan fragmentos de árbol, esta corrupción impide la limpieza correcta de los atributos ID. Como resultado, el sistema puede acceder a la memoria liberada, provocando fallos o permitiendo a los atacantes provocar la corrupción del montón."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":5.8}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://access.redhat.com/errata/RHBA-2025:12345","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:12447","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:12450","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13267","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13308","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13309","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13310","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13311","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13312","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13313","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13314","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13335","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13464","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:13622","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:14059","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:14396","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:14818","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:14819","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:14853","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:14858","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:15308","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:15672","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:15827","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:15828","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:18219","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21885","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:21913","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0934","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:11503","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-7425","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379274","source":"secalert@redhat.com"},{"url":"https://gitlab.gnome.org/GNOME/libxslt/-/issues/140","source":"secalert@redhat.com"},{"url":"http://seclists.org/fulldisclosure/2025/Aug/0","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seclists.org/fulldisclosure/2025/Jul/30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seclists.org/fulldisclosure/2025/Jul/32","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seclists.org/fulldisclosure/2025/Jul/35","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seclists.org/fulldisclosure/2025/Jul/37","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2025/07/11/2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-577017.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"},{"url":"https://gitlab.gnome.org/GNOME/libxslt/-/issues/140","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}