PT-2025-25520 · Libxml2+11

Nikita Sveshnikov · Published 2025-01-01 · Updated 2026-03-01 · CVE-2025-49794

CVSS v2.0: 9.4 (Critical)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libxml2 (affected versions not specified)

Description

A use-after-free issue was found in libxml2. It occurs when parsing XPath elements under certain circumstances, specifically when the XML Schematron contains the "sch:name path" schema elements. A malicious actor can craft a malicious XML document that potentially causes the program to crash or results in undefined behavior.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:10630
ALSA-2025:10698
ALSA-2025:10699
AZL-64095
AZL-64127
BDU:2025-08979
CESA-2025_10698
CVE-2025-49794
DLA-4251-1
ECHO-87D5-BEF1-89B5
GHSA-353F-X4GH-CQQ8
INFSA-2025_10698
INFSA-2025_10699
MGASA-2025-0269
OESA-2025-1768
OESA-2025-1769
OESA-2025-1770
OESA-2025-1898
OESA-2025-1899
OESA-2025-1900
OPENSUSE-SU-2025:15321-1
RHSA-2025:10630
RHSA-2025:10698
RHSA-2025:10699
RHSA-2025:11580
RHSA-2025:12098
RHSA-2025:12099
RHSA-2025:12199
RHSA-2025:12237
RHSA-2025:12239
RHSA-2025:12240
RHSA-2025:12241
RHSA-2025_10698
RHSA-2025_10699
RHSA-2026:7519
SUSE-SU-2025:02260-1
SUSE-SU-2025:02275-1
SUSE-SU-2025:02294-1
SUSE-SU-2025:02314-1
SUSE-SU-2025:02355-1
SUSE-SU-2025:20564-1
SUSE-SU-2025:20607-1
SUSE-SU-2025_02260-1
SUSE-SU-2025_02275-1
SUSE-SU-2025_02294-1
SUSE-SU-2025_02314-1
SUSE-SU-2025_02355-1
USN-7694-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Debian
IBM AIX
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libxml2