High severity7.5NVD Advisory· Published Jun 16, 2025· Updated Apr 19, 2026

CVE-2025-49795

Description

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2025:10630nvd
access.redhat.com/errata/RHSA-2025:19020nvd
access.redhat.com/errata/RHSA-2026:7519nvd
access.redhat.com/security/cve/CVE-2025-49795nvd
bugzilla.redhat.com/show_bug.cginvd
gitlab.gnome.org/GNOME/libxml2/-/issues/932nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000