BIT-java-min-2025-24855

BIT-java-min-2025-24855 PUBLISHED CVSS 7.800000190734863 HIGH

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Bitnami	java-min	0, 1.9.0, 1.9.0

Timeline

May 6, 2026 CVE Published
May 8, 2026 CVE Updated

References

https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 url
https://lists.debian.org/debian-lts-announce/2025/03/msg00015.html url
https://nvd.nist.gov/vuln/detail/CVE-2025-24855 url

Open in Interactive Console →