{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10911", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-09-24T12:45:24.913Z", "datePublished": "2025-09-25T15:13:14.210Z", "dateUpdated": "2026-04-29T13:04:05.743Z"}, "containers": {"cna": {"title": "Libxslt: use-after-free with key data stored cross-rvt", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash."}], "affected": [{"versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.43"}], "packageName": "libxslt", "collectionURL": "https://gitlab.gnome.org/GNOME/libxslt", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Hardened Images", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "libxslt-main", "defaultStatus": "affected", "versions": [{"version": "1.1.45-0.1.hum1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:hummingbird:1"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxslt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxslt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxslt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxslt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libxslt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:11015", "name": "RHSA-2026:11015", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-10911", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397838", "name": "RHBZ#2397838", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144"}, {"url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77"}], "datePublic": "2025-08-04T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-825", "description": "Expired Pointer Dereference", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-825: Expired Pointer Dereference", "timeline": [{"lang": "en", "time": "2025-09-24T12:46:50.095Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-08-04T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-29T13:04:05.743Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-29T15:48:55.245495Z", "id": "CVE-2025-10911", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-29T15:49:06.055Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10911", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-29T15:48:55.245495Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-29T15:49:00.370Z"}}], "cna": {"title": "Libxslt: use-after-free with key data stored cross-rvt", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.43"}], "packageName": "libxslt", "collectionURL": "https://gitlab.gnome.org/GNOME/libxslt", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:hummingbird:1"], "vendor": "Red Hat", "product": "Red Hat Hardened Images", "versions": [{"status": "unaffected", "version": "1.1.45-0.1.hum1", "lessThan": "*", "versionType": "rpm"}], "packageName": "libxslt-main", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "libxslt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "libxslt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "libxslt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "libxslt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "libxslt", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "rhcos", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-09-24T12:46:50.095Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-08-04T00:00:00.000Z", "value": "Made public."}], "datePublic": "2025-08-04T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:11015", "name": "RHSA-2026:11015", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-10911", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397838", "name": "RHBZ#2397838", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144"}, {"url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-825", "description": "Expired Pointer Dereference"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-29T13:04:05.743Z"}, "x_redhatCweChain": "CWE-825: Expired Pointer Dereference"}}, "cveMetadata": {"cveId": "CVE-2025-10911", "state": "PUBLISHED", "dateUpdated": "2026-04-29T13:04:05.743Z", "dateReserved": "2025-09-24T12:45:24.913Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-09-25T15:13:14.210Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash."}], "id": "CVE-2025-10911", "lastModified": "2026-04-27T21:16:22.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-09-25T16:15:31.337", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:11015"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-10911"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397838"}, {"source": "secalert@redhat.com", "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144"}, {"source": "secalert@redhat.com", "url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-825"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T16:44:02.243690+00:00", "value": {"mitigation_remediation": ["Apply the latest Red\u00a0Hat update that addresses the libxslt use\u2011after\u2011free issue. This will patch the memory\u2011management flaw and prevent the application crash.", "Restart any services or containers that rely on libxslt after the update to ensure the patched libraries are loaded.", "If an update is not immediately available, disable or remove any functionality that processes XSL input, or replace libxslt with a safer alternative in configuration or code to avoid using the vulnerable library."], "summary": {"action": "Patch", "impact": "Denial of Service (application crash)"}, "threat_synthesis": {"affected_systems": "The flaw affects Red\u00a0Hat Enterprise Linux releases 6 through 10, Red\u00a0Hat Hardened Images, Red\u00a0Hat OpenShift Container Platform\u00a04, and the Hummingbird product. Any system that incorporates libxslt from the listed Red\u00a0Hat packages is potentially vulnerable.", "description_and_impact": "A use\u2011after\u2011free flaw exists in libxslt during the parsing of XSL nodes. When the library processes certain XSL input, it may dereference pointers that have already been freed, causing the application to crash. The vulnerability falls under CWE\u2011825, reflecting a memory\u2011management issue. While the flaw is described as leading only to a crash, use\u2011after\u2011free bugs can potentially be leveraged for more serious failure modes if memory corruption is exploited, although no evidence of such exploitation is provided.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity. An EPSS score of less than 1\u202f% shows a very low likelihood of exploitation at this time. The vulnerability is not listed in CISA KEV. Likely attack vectors involve supplying malicious XSL input to an application that uses libxslt; such input could be delivered remotely or locally depending on the application\u2019s exposure. Because the flaw can cause a crash, it poses a denial\u2011of\u2011service risk to affected services. The overall risk is considered moderate and the exploitation probability low, but exposure remains if vulnerable components are deployed in environments where arbitrary XSL input can be received."}}}}, "created": "2026-04-20T16:45:11.957347+00:00", "updated": "2026-04-20T16:45:11.957360+00:00", "vendors": []}