Critical severity 9.1 · NVD Advisory · Published Jun 16, 2025 · Updated May 12, 2026
CVE-2025-49794
Description
A use-after-free vulnerability was found in libxml2. The issue occurs when parsing XPath elements under certain circumstances, when the XML Schematron schema contains <sch:name path="..."/> elements. A malicious actor can craft an XML document that, when used as input for libxml, crashes the program using libxml or causes other undefined behavior.
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2025:10630 (nvd)
- access.redhat.com/errata/RHSA-2025:10698 (nvd)
- access.redhat.com/errata/RHSA-2025:10699 (nvd)
- access.redhat.com/errata/RHSA-2025:11580 (nvd)
- access.redhat.com/errata/RHSA-2025:12098 (nvd)
- access.redhat.com/errata/RHSA-2025:12099 (nvd)
- access.redhat.com/errata/RHSA-2025:12199 (nvd)
- access.redhat.com/errata/RHSA-2025:12237 (nvd)
- access.redhat.com/errata/RHSA-2025:12239 (nvd)
- access.redhat.com/errata/RHSA-2025:12240 (nvd)
- access.redhat.com/errata/RHSA-2025:12241 (nvd)
- access.redhat.com/errata/RHSA-2025:13335 (nvd)
- access.redhat.com/errata/RHSA-2025:15397 (nvd)
- access.redhat.com/errata/RHSA-2025:15827 (nvd)
- access.redhat.com/errata/RHSA-2025:15828 (nvd)
- access.redhat.com/errata/RHSA-2025:18217 (nvd)
- access.redhat.com/errata/RHSA-2025:18218 (nvd)
- access.redhat.com/errata/RHSA-2025:18219 (nvd)
- access.redhat.com/errata/RHSA-2025:18240 (nvd)
- access.redhat.com/errata/RHSA-2025:19020 (nvd)
- access.redhat.com/errata/RHSA-2025:19041 (nvd)
- access.redhat.com/errata/RHSA-2025:19046 (nvd)
- access.redhat.com/errata/RHSA-2025:19894 (nvd)
- access.redhat.com/errata/RHSA-2025:21913 (nvd)
- access.redhat.com/errata/RHSA-2026:0934 (nvd)
- access.redhat.com/errata/RHSA-2026:7519 (nvd)
- access.redhat.com/security/cve/CVE-2025-49794 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- cert-portal.siemens.com/productcert/html/ssa-577017.html (nvd)
- gitlab.gnome.org/GNOME/libxml2/-/issues/931 (nvd)
- lists.debian.org/debian-lts-announce/2025/07/msg00014.html (nvd)
News mentions
- Siemens Ruggedcom Rox (CISA Alerts)