CVEFinder.io

CVE-2025-6170

ℹī¸ low
🔍 Scan for this CVE
Summary

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

CVSS Score
2.5
Low
EPSS Score
0.0
Exploit Probability
Published Date
2025-06-16
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 1.3% of all 329,456 vulnerabilities in our database.

#325,296
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Jun 16, 2025
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
🏆 Discovered By
Red Hat would like to thank Ahmed Lekssays for reporting this issue.
SSVC data provided by CISA
Last Modified 2026-06-02
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
CWE IDs (Weakness Types)
CWE-121

đŸ“Ļ Affected Products 8

Vendor Product Status Affected Versions
redhat enterprise_linux Affected
v10.0
redhat enterprise_linux Affected
v6.0
redhat enterprise_linux Affected
v7.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
xmlsoft libxml2 Affected
v-
redhat openshift_container_platform Affected
v4.0
redhat jboss_core_services Affected
v-

🔗 References 6

https://access.redhat.com/errata/RHSA-2026:7519
https://access.redhat.com/security/cve/CVE-2025-6170
Mitigation Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2372952
Issue Tracking Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/-/issues/941
https://lists.debian.org/debian-lts-announce/2025/07...
https://cert-portal.siemens.com/productcert/html/ssa...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-1764 đŸ”ļ medium 5.6 0.2 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially craf... 2026-06-16
CVE-2026-1766 đŸ”ļ medium 5.6 0.2 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracke... 2026-06-16
CVE-2026-1767 đŸ”ļ medium 5.6 0.2 A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` compo... 2026-06-16
CVE-2026-11785 đŸ”ļ medium 4.3 0.2 A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial st... 2026-06-09
CVE-2026-11786 ℹī¸ low 1.9 0.2 A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute ... 2026-06-09
CVE-2026-11787 đŸ”ļ medium 5.0 0.2 A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without ... 2026-06-09
These CVEs affect the same products