CVE-2025-7425 : Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2025-7425 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

Vulnerability Title

Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

来源: 美国国家漏洞数据库 NVD

Vulnerability Description

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

来源: 美国国家漏洞数据库 NVD

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

来源: 美国国家漏洞数据库 NVD

Vulnerability Type

释放后使用

来源: 美国国家漏洞数据库 NVD

Vulnerability Title

Libxslt 资源管理错误漏洞

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Description

Libxslt是Libxslt开源的一个为 GNOME 项目开发的 XSLT C 库。 Libxslt存在安全漏洞，该漏洞源于属性类型atype和标志修改不当，可能导致内存管理损坏和堆损坏。

来源: 中国国家信息安全漏洞库 CNNVD

CVSS Information

N/A

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Type

N/A

来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商	产品	影响版本	CPE
GNOME	libxml2	0 ~ 2.15.2	-
Red Hat	Red Hat Enterprise Linux 10	0:2.12.5-8.el10_0 ~ *	`cpe:/o:redhat:enterprise_linux:10.0`
Red Hat	Red Hat Enterprise Linux 10	0:1.1.39-8.el10_0 ~ *	`cpe:/o:redhat:enterprise_linux:10.0`
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	0:2.9.1-6.el7_9.12 ~ *	`cpe:/o:redhat:rhel_els:7`
Red Hat	Red Hat Enterprise Linux 8	0:2.9.7-21.el8_10.2 ~ *	`cpe:/a:redhat:enterprise_linux:8::appstream`
Red Hat	Red Hat Enterprise Linux 8	0:2.9.7-21.el8_10.2 ~ *	`cpe:/a:redhat:enterprise_linux:8::appstream`
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	0:2.9.7-9.el8_2.4 ~ *	`cpe:/a:redhat:rhel_aus:8.2::appstream`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	0:2.9.7-9.el8_4.7 ~ *	`cpe:/o:redhat:rhel_eus_long_life:8.4::baseos`
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	0:2.9.7-9.el8_4.7 ~ *	`cpe:/o:redhat:rhel_eus_long_life:8.4::baseos`
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	0:2.9.7-13.el8_6.11 ~ *	`cpe:/o:redhat:rhel_e4s:8.6::baseos`
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	0:2.9.7-13.el8_6.11 ~ *	`cpe:/o:redhat:rhel_e4s:8.6::baseos`
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	0:2.9.7-13.el8_6.11 ~ *	`cpe:/o:redhat:rhel_e4s:8.6::baseos`
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	0:2.9.7-16.el8_8.10 ~ *	`cpe:/o:redhat:rhel_tus:8.8::baseos`
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	0:2.9.7-16.el8_8.10 ~ *	`cpe:/o:redhat:rhel_tus:8.8::baseos`
Red Hat	Red Hat Enterprise Linux 9	0:2.9.13-11.el9_6 ~ *	`cpe:/a:redhat:enterprise_linux:9::appstream`
Red Hat	Red Hat Enterprise Linux 9	0:2.9.13-11.el9_6 ~ *	`cpe:/a:redhat:enterprise_linux:9::appstream`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	0:2.9.13-1.el9_0.6 ~ *	`cpe:/a:redhat:rhel_e4s:9.0::appstream`
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	0:2.9.13-3.el9_2.8 ~ *	`cpe:/a:redhat:rhel_e4s:9.2::appstream`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	0:2.9.13-11.el9_4 ~ *	`cpe:/o:redhat:rhel_eus:9.4::baseos`
Red Hat	Red Hat OpenShift Container Platform 4.12	412.86.202509030110-0 ~ *	`cpe:/a:redhat:openshift:4.12::el8`
Red Hat	Red Hat OpenShift Container Platform 4.13	413.92.202509030117-0 ~ *	`cpe:/a:redhat:openshift:4.13::el9`
Red Hat	Red Hat OpenShift Container Platform 4.14	414.92.202508270040-0 ~ *	`cpe:/a:redhat:openshift:4.14::el9`
Red Hat	Red Hat OpenShift Container Platform 4.15	415.92.202508192014-0 ~ *	`cpe:/a:redhat:openshift:4.15::el9`
Red Hat	Red Hat OpenShift Container Platform 4.16	416.94.202508261955-0 ~ *	`cpe:/a:redhat:openshift:4.16::el9`
Red Hat	Red Hat OpenShift Container Platform 4.17	417.94.202508141510-0 ~ *	`cpe:/a:redhat:openshift:4.17::el9`
Red Hat	Red Hat OpenShift Container Platform 4.18	418.94.202508261658-0 ~ *	`cpe:/a:redhat:openshift:4.18::el9`
Red Hat	Red Hat OpenShift Container Platform 4.19	4.19.9.6.202508271124-0 ~ *	`cpe:/a:redhat:openshift:4.19::el9`
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	1.11-19 ~ *	`cpe:/a:redhat:webterminal:1.11::el9`
Red Hat	Red Hat Web Terminal 1.11 on RHEL 9	1.11-8 ~ *	`cpe:/a:redhat:webterminal:1.11::el9`
Red Hat	Red Hat Web Terminal 1.12 on RHEL 9	1.12-4 ~ *	`cpe:/a:redhat:webterminal:1.12::el9`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-11 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-11 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-11 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-10 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-10 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-4 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-9 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-18 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-11 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	RHOSS-1.36-RHEL-8	1.36.0-7 ~ *	`cpe:/a:redhat:openshift_serverless:1.36::el8`
Red Hat	cert-manager operator for Red Hat OpenShift 1.16	sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b ~ *	`cpe:/a:redhat:cert_manager:1.16::el9`
Red Hat	File Integrity Operator 1	sha256:364d11af112a5b1d3f28c9ea8b7aac678e111b9c7fca0516d61036904f318605 ~ *	`cpe:/a:redhat:openshift_file_integrity_operator:1::el9`
Red Hat	OpenShift Compliance Operator 1	sha256:4953a7ea865ff38a4fe19d5536d8062870c262733c640a2c7e4bd9e0bfb3d498 ~ *	`cpe:/a:redhat:openshift_compliance_operator:1::el9`
Red Hat	OpenShift Compliance Operator 1	sha256:06ad8599c4b0170264e40a45b0126504c87c37f0832265c7ff6541d2385b2049 ~ *	`cpe:/a:redhat:openshift_compliance_operator:1::el9`
Red Hat	OpenShift Compliance Operator 1	sha256:0903a7a5c857d96c84fd022e5785514eff201047e2fdd5d6699d79f17440ef02 ~ *	`cpe:/a:redhat:openshift_compliance_operator:1::el9`
Red Hat	Red Hat Discovery 2	sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344 ~ *	`cpe:/a:redhat:discovery:2::el9`
Red Hat	Red Hat Insights proxy 1.5	sha256:c26d589f12647890b67aaa986f54d3f7c6f7f2563fb5a73f38d559e6138739d7 ~ *	`cpe:/a:redhat:insights_proxy:1.5::el9`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	sha256:2a359b16651cf20b9e37faabc6f57753744c59103979670260e263df2857da47 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	sha256:02d88da5fdc965b3759b7c74667dc93a374dc379719456a2a9c0ef15ac36d656 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	sha256:260572b783d27d50a2dcdcac09a1fe15358c0fa5f85de93ce5fd8321cd81a0fa ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	sha256:783a10c95edcb5c5cb8394b796f27dbfbb5ac6e1ee3baaa27d6c43f411ad6045 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	sha256:39b2d56b8f0eb3b539697fc387ae84230182c7e8cf5c184b8ee6c02e29386120 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	sha256:0932824cfd76c0e3d80f6e5b81312405b4a6a670d715144fc4d08bdb3a3cf962 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66 ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	sha256:2509c7cc0bdf6d001442d2e83e21925b09a59c4b05eef81e98af93327f6f6c6d ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat OpenShift distributed tracing 3.5.1	sha256:c6f9ee5f306766c0502419fe691e9e14aad8b0d1a4ced7ff9b1738c272fba80b ~ *	`cpe:/a:redhat:openshift_distributed_tracing:3.5::el8`
Red Hat	Red Hat Enterprise Linux 6	-	`cpe:/o:redhat:enterprise_linux:6`
Red Hat	Red Hat Hardened Images	-	`cpe:/a:redhat:hummingbird:1`

二、漏洞 CVE-2025-7425 的公开POC

#	POC 描述	源链接	神龙链接

AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2025-7425 的情报信息

Please 登录 to view more intelligence information

https://access.redhat.com/security/cve/CVE-2025-7425vdb-entryx_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://bugzilla.redhat.com/show_bug.cgi?id=2379274issue-trackingx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0934vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12450vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13335vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21885vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13313vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13311vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15672vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14396vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13308vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15308vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13309vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15828vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:18219vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13310vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13312vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13267vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13464vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14819vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21913vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:15827vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14853vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14858vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13314vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14059vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13622vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2025:12345vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:14818vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12447vendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2025-7425

四、漏洞 CVE-2025-7425 的评论

暂无评论

支持本站 — 捐款将帮助我们持续运营

一、漏洞 CVE-2025-7425 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2025-7425 的公开POC

三、漏洞 CVE-2025-7425 的情报信息

四、漏洞 CVE-2025-7425 的评论

发表评论

支持本站 — 捐款将帮助我们持续运营

一、 漏洞 CVE-2025-7425 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2025-7425 的公开POC

三、漏洞 CVE-2025-7425 的情报信息

四、漏洞 CVE-2025-7425 的评论

发表评论

一、漏洞 CVE-2025-7425 基础信息