CVE-2025-6021

⚠️ high

Summary

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

CVSS Score

7.5

High

EPSS Score

1.7

Exploit Probability

Published Date

2025-06-12

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 329,456 vulnerabilities in our database.

#102,448

Above average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Sep 3, 2025

🔍 Exploitation Status

Poc

Proof-of-concept available

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

🏆 Discovered By

Red Hat would like to thank Ahmed Lekssays for reporting this issue.

SSVC data provided by CISA

Last Modified 2026-04-19

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE IDs (Weakness Types)

CWE-787

📦 Affected Products 72

Vendor	Product	Status	Affected Versions
redhat	enterprise_linux	Affected	v10.0
redhat	enterprise_linux	Affected	v8.0
redhat	enterprise_linux	Affected	v9.0
xmlsoft	libxml2	Affected	< 2.14.4
redhat	enterprise_linux_server	Affected	v7.0
redhat	enterprise_linux_for_power_little_endian	Affected	v10.0_ppc64le
redhat	enterprise_linux_for_power_little_endian	Affected	v8.0_ppc64le
redhat	enterprise_linux_for_power_little_endian	Affected	v9.0_ppc64le
redhat	enterprise_linux_for_ibm_z_systems	Affected	v10.0_s390x
redhat	enterprise_linux_for_ibm_z_systems	Affected	v8.0_s390x
redhat	enterprise_linux_for_ibm_z_systems	Affected	v9.4_s390x
redhat	enterprise_linux_for_power_little_endian_eus	Affected	v10.0_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	Affected	v9.4_ppc64le
redhat	enterprise_linux_for_power_little_endian_eus	Affected	v9.6_ppc64le
redhat	enterprise_linux_for_ibm_z_systems_eus	Affected	v10.0_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	Affected	v9.0_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	Affected	v9.4_s390x
redhat	enterprise_linux_for_ibm_z_systems_eus	Affected	v9.6_s390x
redhat	enterprise_linux_server_tus	Affected	v8.8
redhat	enterprise_linux_eus	Affected	v10.0
redhat	enterprise_linux_eus	Affected	v8.4
redhat	enterprise_linux_eus	Affected	v8.6
redhat	enterprise_linux_eus	Affected	v8.8
redhat	enterprise_linux_eus	Affected	v9.4
redhat	enterprise_linux_eus	Affected	v9.6
redhat	enterprise_linux_server_aus	Affected	v8.2
redhat	enterprise_linux_server_aus	Affected	v8.4
redhat	enterprise_linux_server_aus	Affected	v8.6
redhat	enterprise_linux_server_aus	Affected	v9.2
redhat	enterprise_linux_server_aus	Affected	v9.4
redhat	enterprise_linux_server_aus	Affected	v9.6
redhat	openshift_container_platform	Affected	v4.12
redhat	openshift_container_platform	Affected	v4.13
redhat	openshift_container_platform	Affected	v4.14
redhat	openshift_container_platform	Affected	v4.15
redhat	openshift_container_platform	Affected	v4.16
redhat	openshift_container_platform	Affected	v4.17
redhat	openshift_container_platform	Affected	v4.18
redhat	jboss_core_services	Affected	v-
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	Affected	v9.4_ppc64le
redhat	openshift_container_platform_for_ibm_z	Affected	v4.13
redhat	openshift_container_platform_for_ibm_z	Affected	v4.14
redhat	openshift_container_platform_for_ibm_z	Affected	v4.15
redhat	openshift_container_platform_for_ibm_z	Affected	v4.16
redhat	openshift_container_platform_for_ibm_z	Affected	v4.17
redhat	openshift_container_platform_for_ibm_z	Affected	v4.18
redhat	openshift_container_platform_for_linuxone	Affected	v4.13
redhat	openshift_container_platform_for_linuxone	Affected	v4.14
redhat	openshift_container_platform_for_linuxone	Affected	v4.15
redhat	openshift_container_platform_for_linuxone	Affected	v4.16
redhat	openshift_container_platform_for_linuxone	Affected	v4.17
redhat	openshift_container_platform_for_linuxone	Affected	v4.18
redhat	openshift_container_platform_for_power	Affected	v4.13
redhat	openshift_container_platform_for_power	Affected	v4.14
redhat	openshift_container_platform_for_power	Affected	v4.15
redhat	openshift_container_platform_for_power	Affected	v4.16
redhat	openshift_container_platform_for_power	Affected	v4.17
redhat	openshift_container_platform_for_power	Affected	v4.18
redhat	openshift_container_platform_for_arm64	Affected	v4.13
redhat	openshift_container_platform_for_arm64	Affected	v4.14
redhat	openshift_container_platform_for_arm64	Affected	v4.15
redhat	openshift_container_platform_for_arm64	Affected	v4.16
redhat	openshift_container_platform_for_arm64	Affected	v4.17
redhat	openshift_container_platform_for_arm64	Affected	v4.18
redhat	enterprise_linux_for_arm_64	Affected	v10.0_aarch64
redhat	enterprise_linux_for_arm_64	Affected	v8.0_aarch64
redhat	enterprise_linux_for_arm_64	Affected	v9.0_aarch64
redhat	enterprise_linux_for_arm_64	Affected	v9.4_aarch64
redhat	enterprise_linux_for_arm_64_eus	Affected	v10.0_aarch64
redhat	enterprise_linux_for_arm_64_eus	Affected	v9.4_aarch64
redhat	enterprise_linux_for_arm_64_eus	Affected	v9.6_aarch64
redhat	in-vehicle_operating_system	Affected	v1.0

🔗 References 27

https://access.redhat.com/errata/RHSA-2025:10630

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:10698

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:10699

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:11580

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:11673

https://access.redhat.com/errata/RHSA-2025:12098

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:12099

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:12199

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:12237

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:12239

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:12240

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:12241

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:13267

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:13289

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:13325

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:13335

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:13336

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:14059

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:14396

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:15308

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:15672

Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:19020

https://access.redhat.com/errata/RHSA-2026:7519

https://access.redhat.com/security/cve/CVE-2025-6021

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2372406

Issue Tracking

https://gitlab.gnome.org/GNOME/libxml2/-/issues/926

Exploit Issue Tracking Vendor Advisory

https://lists.debian.org/debian-lts-announce/2025/07...

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-1764	🔶 medium	5.6	0.2	A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially craf...	2026-06-16
CVE-2026-1766	🔶 medium	5.6	0.2	A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracke...	2026-06-16
CVE-2026-1767	🔶 medium	5.6	0.2	A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` compo...	2026-06-16
CVE-2026-11785	🔶 medium	4.3	0.2	A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial st...	2026-06-09
CVE-2026-11786	ℹ️ low	1.9	0.2	A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute ...	2026-06-09
CVE-2026-11787	🔶 medium	5.0	0.2	A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without ...	2026-06-09

These CVEs affect the same products