PT-2025-25307 · Red Hat+13 · Red Hat Openshift Container Platform+15

Ahmed Lekssays · Published 2025-06-12 · Updated 2026-05-08 · CVE-2025-6021

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

libxml2 (affected versions not specified)
Red Hat Enterprise Linux versions 6 through 10
Red Hat JBoss Core Services (affected versions not specified)
Red Hat OpenShift Container Platform 4 (affected versions not specified)

Description

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Recommendations

For libxml2, consider disabling the xmlBuildQName function until a patch is available.
For Red Hat Enterprise Linux versions 6 through 10, update to a version that includes the fix for this issue.
For Red Hat JBoss Core Services, restrict access to the vulnerable xmlBuildQName function to minimize the risk of exploitation.
For Red Hat OpenShift Container Platform 4, avoid using the xmlBuildQName function in affected API endpoints until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Integer Overflow

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:10630
ALSA-2025:10698
ALSA-2025:10699
ALT-PU-2025-13660
AZL-64101
AZL-64124
BDU:2025-07144
BIT-JAVA-2025-6021
BIT-JAVA-MIN-2025-6021
BIT-JRE-2025-6021
CESA-2025_10698
CVE-2025-6021
DLA-4251-1
ECHO-48B5-0C84-55DA
GHSA-353F-X4GH-CQQ8
INFSA-2025_10698
INFSA-2025_10699
JLSEC-2025-196
MGASA-2025-0269
OESA-2025-1701
OESA-2025-1702
OESA-2025-1703
OESA-2025-1704
OESA-2025-1716
OESA-2025-1770
OPENSUSE-SU-2025:15321-1
RHSA-2025:10630
RHSA-2025:10698
RHSA-2025:10699
RHSA-2025:11580
RHSA-2025:12098
RHSA-2025:12099
RHSA-2025:12199
RHSA-2025:12237
RHSA-2025:12239
RHSA-2025:12240
RHSA-2025:12241
RHSA-2025_10698
RHSA-2025_10699
RHSA-2026:7519
SUSE-SU-2025:02260-1
SUSE-SU-2025:02275-1
SUSE-SU-2025:02294-1
SUSE-SU-2025:02314-1
SUSE-SU-2025:02355-1
SUSE-SU-2025:20564-1
SUSE-SU-2025:20607-1
SUSE-SU-2025_02260-1
SUSE-SU-2025_02275-1
SUSE-SU-2025_02294-1
SUSE-SU-2025_02314-1
SUSE-SU-2025_02355-1
USN-7694-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
IBM AIX
Java Platform
Linux Mint
Red Hat
Red Hat JBoss Core Services
Red Hat OpenShift Container Platform
RED OS
Rocky Linux
SUSE
Ubuntu
libxml2