PT-2025-32375 · Libxml2+6

Published: 2025-08-08 · Updated: 2026-03-15 · CVE-2025-8732

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

libxml2 versions up to 2.14.5

Description

A vulnerability exists in libxml2 related to uncontrolled recursion within the xmlParseSGMLCatalog function of the xmlcatalog component. The issue can be triggered with untrusted SGML catalogs. The exploit has been publicly disclosed. The existence of this vulnerability is currently debated, with the code maintainer suggesting it requires the use of untrusted SGML catalogs, which are rarely used.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Uncontrolled Recursion
Improper Resource Release

Related Identifiers

AZL-66204
AZL-66224
CVE-2025-8732
ECHO-7574-128E-F428
MGASA-2026-0027
OESA-2026-1598
OPENSUSE-SU-2026:10213-1
OPENSUSE-SU-2026:20312-1
SUSE-SU-2025:4104-1
SUSE-SU-2025:4115-1
SUSE-SU-2025:4116-1
SUSE-SU-2025_4104-1
SUSE-SU-2026:0570-1
SUSE-SU-2026:0605-1
SUSE-SU-2026:20631-1
SUSE-SU-2026:20647-1
SUSE-SU-2026:20657-1
SUSE-SU-2026:20707-1
USN-7974-1

Affected Products

Debian
IBM AIX
Linux Mint
RED OS
SUSE
Ubuntu
libxml2