In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

The remote NewStart CGSL host, running version MAIN 7.02, has libxml2 packages installed that are affected by multiple vulnerabilities:

  - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API     (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and     xmlPythonFileReadRaw because of a difference between bytes and characters. (CVE-2025-32414)

  - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails.
    This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is I don't think these issues are     critical enough to warrant a CVE ID ... because an attacker typically can't control when memory     allocations fail. (CVE-2023-45322)

  - An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader     interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to     an xmlValidatePopElement use-after-free. (CVE-2024-25062)

  - In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce     events for external entities even if custom SAX handlers try to override entity content (by setting     checked). This makes classic XXE attacks possible. (CVE-2024-40896)

  - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and     xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated     against an XML schema with certain identity constraints, or a crafted XML schema must be used.
    (CVE-2024-56171)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Java installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory.

  - Vulnerability in Oracle Java SE (component: JavaFX (libxml2)). Supported versions that are affected are     Oracle Java SE: 8u451-b50. Difficult to exploit vulnerability allows unauthenticated attacker with     network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human     interaction from a person other than the attacker. Successful attacks of this vulnerability can result in     takeover of Oracle Java SE. (CVE-2024-40896)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451,     8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle     GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker     with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle     GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle     Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. (CVE-2025-30749)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE:     8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle     GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker     with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle     GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle     GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change).     Successful attacks of this vulnerability can result in unauthorized access to critical data or complete     access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.     (CVE-2025-50059)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-05 advisory.

  - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in     pattern.c. (CVE-2025-27113)

  - In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce     events for external entities even if custom SAX handlers try to override entity content (by setting     checked). This makes classic XXE attacks possible. (CVE-2024-40896)

  - An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function     because XML_StopParser can stop/suspend an unstarted parser. (CVE-2024-50602)

  - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and     xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated     against an XML schema with certain identity constraints, or a crafted XML schema must be used.
    (CVE-2024-56171)

  - A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity     expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat     can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could     lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the     environment and library usage. (CVE-2024-8176)

  - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements     in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE:
    this is similar to CVE-2017-9047. (CVE-2025-24928)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2025:0024-1 advisory.

    - CVE-2024-40896: Fixed a XML external entity vulnerability related to libxml2 (boo#1234820)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7215-1 advisory.

    Xisco Fauli discovered that libxml2 incorrectly handled custom SAX handlers. A remote attacker could     possibly use this issue to perform XML External Entity (XXE) attacks.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9f3765a04b advisory.

    Update to 2.12.9

    Fixes CVE-2024-40896

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-867a14de12 advisory.

    Update to 2.12.9

    Fixes CVE-2024-40896.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the libxml2 package has been released.

The version of libxml2 installed on the remote host is prior to 2.11.9 / 2.13.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-206-02 advisory.

    New libxml2 packages are available for Slackware XXX 15.0 and -current to fix a security issue.

Tenable has extracted the preceding description block directly from the libxml2 security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
242784	NewStart CGSL MAIN 7.02 : libxml2 Multiple Vulnerabilities (NS-SA-2025-0106)	Nessus	NewStart CGSL Local Security Checks	high
242293	Oracle Java SE Multiple Vulnerabilities (July 2025 CPU)	Nessus	Misc.	high
234837	Tenable Nessus < 10.8.4 Multiple Vulnerabilities (TNS-2025-05)	Nessus	Misc.	high
214570	openSUSE 15 Security Update : qt6-webengine (openSUSE-SU-2025:0024-1)	Nessus	SuSE Local Security Checks	critical
214329	Ubuntu 24.10 : libxml2 vulnerability (USN-7215-1)	Nessus	Ubuntu Local Security Checks	critical
213446	Fedora 40 : libxml2 (2024-9f3765a04b)	Nessus	Fedora Local Security Checks	critical
213402	Fedora 41 : libxml2 (2024-867a14de12)	Nessus	Fedora Local Security Checks	critical
206725	Photon OS 5.0: Libxml2 PHSA-2024-5.0-0354	Nessus	PhotonOS Local Security Checks	critical
204680	Slackware Linux 15.0 / current libxml2 Vulnerability (SSA:2024-206-02)	Nessus	Slackware Local Security Checks	critical

Detections

Analytics

CVE-2024-40896

critical

Tenable Plugins

high

high

high

critical

critical

critical

critical

critical

critical