PT-2025-37090 · Libxml2+9

Nikita Sveshnikov · Published 2022-07-29 · Updated 2026-04-28

CVE-2025-9714

CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerable software and affected versions: libxml2 versions prior to 2.9.15
Description: An uncontrolled recursion issue in XPath evaluation within libxml2 allows a local attacker to cause a stack overflow through crafted expressions. The XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile and xmlXPathEvalExpr previously reset the recursion depth to zero before making potentially recursive calls, so the depth limit was ineffective when these functions were re-entered recursively and a stack overflow could result. These functions now preserve the recursion depth across recursive calls, keeping recursion bounded.
Recommendations: Update to libxml2 version 2.9.15 or later.
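The defect class in the description, as an added illustration that is not libxml2 code: a toy recursive evaluator for nested "(...)" groups whose public entry point either resets the context's recursion depth to zero before evaluating a sub-expression (the pre-2.9.15 behaviour described above) or preserves it across re-entrant calls. All names here (ctx_t, eval_entry, eval_inner, MAX_DEPTH, evaluate_nested) are assumed for the example; with the reset the guard never sees a depth above 1, so arbitrarily deep input is accepted, while the preserving variant rejects it at the limit.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed toy evaluator for nested "(...)" groups, not libxml2 code.
 * The depth guard lives in a context, the way an XPath context would hold it.
 * Return codes: 1 = ok, 0 = syntax error, -1 = depth limit reached. */
#define MAX_DEPTH 100
typedef struct {
    int depth;     /* current recursion depth */
    int preserve;  /* 1 = fixed: keep depth on re-entry; 0 = flawed: reset to 0 */
} ctx_t;
static int eval_inner(ctx_t *ctx, const char *s, size_t *pos);

/* Public entry point; every nested sub-expression re-enters through it. */
static int eval_entry(ctx_t *ctx, const char *s, size_t *pos) {
    int saved = ctx->depth;
    if (!ctx->preserve) ctx->depth = 0;  /* flawed: forgets the enclosing depth */
    int rc = eval_inner(ctx, s, pos);
    ctx->depth = saved;
    return rc;
}

/* Recursive descent; the guard only works if depth survives re-entry. */
static int eval_inner(ctx_t *ctx, const char *s, size_t *pos) {
    if (ctx->depth >= MAX_DEPTH) return -1;
    ctx->depth++;
    int rc = 1;
    while (rc == 1 && s[*pos] == '(') {
        (*pos)++;
        rc = eval_entry(ctx, s, pos);  /* recursive call through the public API */
        if (rc == 1 && s[*pos] == ')') (*pos)++;
        else if (rc == 1) rc = 0;      /* missing closing parenthesis */
    }
    ctx->depth--;
    return rc;
}

/* Evaluate a whole expression with the chosen guard behaviour. */
int evaluate(const char *expr, int preserve) {
    ctx_t ctx = { 0, preserve }; size_t pos = 0;
    int rc = eval_entry(&ctx, expr, &pos);
    return (rc == 1 && expr[pos] != '\0') ? 0 : rc;
}

/* Evaluate n nested groups "((...))", the shape of a deep-recursion input. */
int evaluate_nested(int n, int preserve) {
    char *s = malloc(2 * (size_t)n + 1);
    memset(s, '(', (size_t)n); memset(s + n, ')', (size_t)n); s[2 * n] = '\0';
    int rc = evaluate(s, preserve);
    free(s);
    return rc;
}
```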

Tags: Fix · DoS · Uncontrolled Recursion

Related Identifiers

ALSA-2025:22376
ALSA-2026:11349
ALT-PU-2025-12631
ALT-PU-2025-13303
BDU:2026-02937
CVE-2025-9714
DLA-4319-1
ECHO-8406-E671-1093
INFSA-2025_22376
OESA-2025-2255
OESA-2025-2285
RHSA-2025:22162
RHSA-2025:22163
RHSA-2025:22177
RHSA-2025:22376
RHSA-2025:22377
RHSA-2026:11349
RHSA-2026:14832
RHSA-2026:14858
RHSA-2026:15967
RHSA-2026:7519
SUSE-SU-2025:4104-1
SUSE-SU-2025:4115-1
SUSE-SU-2025:4116-1
USN-7743-1

Affected Products

Alt Linux
Almalinux
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Libxml2