Critical severity9.1NVD Advisory· Published Jun 16, 2025· Updated Jun 2, 2026
CVE-2025-49796
CVE-2025-49796
Description
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
58- osv-coords57 versionspkg:rpm/almalinux/libxml2pkg:rpm/almalinux/libxml2-develpkg:rpm/almalinux/libxml2-staticpkg:rpm/almalinux/python3-libxml2pkg:rpm/opensuse/libxml2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libxml2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-libxml2-python&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/libxml2&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/libxml2&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/libxml2&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/libxml2-python&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/libxml2-python&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/python-libxml2-python&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/python-libxml2-python&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/python-libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/python-libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/python-libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
< 2.12.5-7.el10_0+ 56 more
- (no CPE)range: < 2.12.5-7.el10_0
- (no CPE)range: < 2.12.5-7.el10_0
- (no CPE)range: < 2.12.5-7.el10_0
- (no CPE)range: < 2.12.5-7.el10_0
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.13.8-2.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.9.7-150000.3.82.1
- (no CPE)range: < 2.9.7-150000.3.82.1
- (no CPE)range: < 2.9.7-150000.3.82.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.9.7-150000.3.82.1
- (no CPE)range: < 2.9.7-150000.3.82.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.12.10-150700.4.3.1
- (no CPE)range: < 2.9.4-46.87.1
- (no CPE)range: < 2.9.7-150000.3.82.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.9.7-150000.3.82.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.9.4-46.87.1
- (no CPE)range: < 2.11.6-10.1
- (no CPE)range: < 2.11.6-slfo.1.1_6.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.12.10-150700.4.3.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.12.10-150700.4.3.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.10.3-150500.5.29.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.9.14-150400.5.44.1
- (no CPE)range: < 2.9.4-46.87.1
- (no CPE)range: < 2.9.4-46.87.1
- (no CPE)range: < 2.9.7-150000.3.82.1
- (no CPE)range: < 2.9.7-150000.3.82.1
- (no CPE)range: < 2.9.7-150000.3.82.1
- (no CPE)range: < 2.9.7-150000.3.82.1
- (no CPE)range: < 2.9.7-150000.3.82.1
Patches
Vulnerability mechanics
References
33- access.redhat.com/errata/RHSA-2025:10630nvd
- access.redhat.com/errata/RHSA-2025:10698nvd
- access.redhat.com/errata/RHSA-2025:10699nvd
- access.redhat.com/errata/RHSA-2025:11580nvd
- access.redhat.com/errata/RHSA-2025:12098nvd
- access.redhat.com/errata/RHSA-2025:12099nvd
- access.redhat.com/errata/RHSA-2025:12199nvd
- access.redhat.com/errata/RHSA-2025:12237nvd
- access.redhat.com/errata/RHSA-2025:12239nvd
- access.redhat.com/errata/RHSA-2025:12240nvd
- access.redhat.com/errata/RHSA-2025:12241nvd
- access.redhat.com/errata/RHSA-2025:13267nvd
- access.redhat.com/errata/RHSA-2025:13335nvd
- access.redhat.com/errata/RHSA-2025:15397nvd
- access.redhat.com/errata/RHSA-2025:15827nvd
- access.redhat.com/errata/RHSA-2025:15828nvd
- access.redhat.com/errata/RHSA-2025:18217nvd
- access.redhat.com/errata/RHSA-2025:18218nvd
- access.redhat.com/errata/RHSA-2025:18219nvd
- access.redhat.com/errata/RHSA-2025:18240nvd
- access.redhat.com/errata/RHSA-2025:19020nvd
- access.redhat.com/errata/RHSA-2025:19041nvd
- access.redhat.com/errata/RHSA-2025:19046nvd
- access.redhat.com/errata/RHSA-2025:19894nvd
- access.redhat.com/errata/RHSA-2025:21913nvd
- access.redhat.com/errata/RHSA-2026:0934nvd
- access.redhat.com/errata/RHSA-2026:7519nvd
- access.redhat.com/security/cve/CVE-2025-49796nvd
- bugzilla.redhat.com/show_bug.cginvd
- cert-portal.siemens.com/productcert/html/ssa-253495.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-577017.htmlnvd
- gitlab.gnome.org/GNOME/libxml2/-/issues/933nvd
- lists.debian.org/debian-lts-announce/2025/07/msg00014.htmlnvd
News mentions
1- Siemens Ruggedcom RoxCISA ICS Advisories