A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
History

Mon, 29 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/o:redhat:rhivos:1 cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat rhivos
Redhat discovery
References

Mon, 29 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_eus_long_life:8.6::baseos
References

Fri, 26 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Tus
References

Thu, 25 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.6::appstream
Vendors & Products Redhat rhel Eus
References

Thu, 25 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel Eus Long Life
References

Thu, 25 Jun 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_e4s:9.4::appstream
Vendors & Products Redhat rhel E4s
References

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Eus
CPEs cpe:/o:redhat:enterprise_linux_eus:10.0
Vendors & Products Redhat enterprise Linux Eus
References

Thu, 25 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhivos
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Wed, 24 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.2
References

Wed, 24 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
References

Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
References

Mon, 27 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
References

Mon, 13 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird

Mon, 29 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Sep 2025 19:45:00 +0000

Type Values Removed Values Added
References

Thu, 25 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
Description A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
Title Libxslt: use-after-free with key data stored cross-rvt
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-825
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-09-25T15:13:14.210Z

Updated: 2026-06-29T23:28:23.018Z

Reserved: 2025-09-24T12:45:24.913Z

Link: CVE-2025-10911

cve-icon Vulnrichment

Updated: 2025-09-29T15:49:00.370Z

cve-icon NVD

Status : Deferred

Published: 2025-09-25T16:15:31.337

Modified: 2026-06-17T08:29:15.740

Link: CVE-2025-10911

cve-icon Redhat

No data.