CVEFinder.io

CVE-2025-6170

ℹ️ low
Summary

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

CVSS Score
2.5
Low
EPSS Score
0.0
Exploit Probability
Published Date
2025-06-16
First Seen: 2026-01-05
Last Modified 2025-11-03
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
CWE IDs (Weakness Types)
CWE-121

πŸ”— References 3

https://access.redhat.com/security/cve/CVE-2025-6170
Mitigation Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2372952
Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/07...

πŸ“¦ Affected Products 8

Vendor Product Status Affected Versions
redhat enterprise_linux Affected
v10.0
redhat enterprise_linux Affected
v6.0
redhat enterprise_linux Affected
v7.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
xmlsoft libxml2 Affected
v-
redhat openshift_container_platform Affected
v4.0
redhat jboss_core_services Affected
v-

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14512 πŸ”Ά medium 6.5 0.1 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov... 2025-12-11
CVE-2025-14087 πŸ”Ά medium 5.6 0.3 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a... 2025-12-10
CVE-2025-9714 πŸ”Ά medium 6.2 0.0 Uncontrolled recursion inΒ XPath evaluationΒ in libxml2 up to and including version 2.9.14 allows a local attacker to ca... 2025-09-10
CVE-2025-9784 ⚠️ high 7.5 0.4 A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering ab... 2025-09-02
CVE-2025-8283 ℹ️ low 3.7 0.0 A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman se... 2025-07-28
CVE-2025-7519 πŸ”Ά medium 6.7 0.0 A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds wri... 2025-07-14
These CVEs affect the same products