DEBIAN-CVE-2025-7425

DEBIAN-CVE-2025-7425 PUBLISHED CVSS 7.800000190734863 HIGH

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:14	libxslt	1.1.43-0.1, 0, 1.1.35-1.2

Exploit Intelligence

4593.2.0.yml (github-poc)
macos_v2_generated.go (github-poc)
macos_v1_generated.go (github-poc)
ios_v2_generated.go (github-poc)
ios_v1_generated.go (github-poc)
visionos_v2_generated.go (github-poc)
safari_v2_generated.go (github-poc)
watchos_v2_generated.go (github-poc)
tvos_v2_generated.go (github-poc)

Timeline

Jul 10, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-7425 advisory

Open in Interactive Console →