A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

vendor_unpatched cve-2025-49795: Unpatched CVEs for Ubuntu Linux (cve-2025-49795)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1103 advisory.

    libxml: Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794)

    libxml: Null pointer dereference leads to Denial of service (DoS) (CVE-2025-49795)

    libxml: Type confusion leads to Denial of service (DoS) (CVE-2025-49796)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the libxml2 package has been released.

The version of AIX installed on the remote host is prior to APAR IJ55267. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ55267 advisory.

  - A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can     trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that     can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to     sensitive data being corrupted in memory. (CVE-2025-49796)

  - A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under     certain circumstances when the XML schematron has the <sch:name path=.../> schema elements. This flaw     allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the     program's crash using libxml or other possible undefined behaviors. (CVE-2025-49794)

  - A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This     flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
    (CVE-2025-49795)

  - A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations     can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of     service when processing crafted input. (CVE-2025-6021)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AIX installed on the remote host is prior to APAR IJ55269. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ55269 advisory.

  - A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can     trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that     can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to     sensitive data being corrupted in memory. (CVE-2025-49796)

  - A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under     certain circumstances when the XML schematron has the <sch:name path=.../> schema elements. This flaw     allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the     program's crash using libxml or other possible undefined behaviors. (CVE-2025-49794)

  - A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This     flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
    (CVE-2025-49795)

  - A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations     can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of     service when processing crafted input. (CVE-2025-6021)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AIX installed on the remote host is prior to APAR IJ55266. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ55266 advisory.

  - A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can     trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that     can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to     sensitive data being corrupted in memory. (CVE-2025-49796)

  - A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under     certain circumstances when the XML schematron has the <sch:name path=.../> schema elements. This flaw     allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the     program's crash using libxml or other possible undefined behaviors. (CVE-2025-49794)

  - A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This     flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
    (CVE-2025-49795)

  - A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations     can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of     service when processing crafted input. (CVE-2025-6021)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AIX installed on the remote host is prior to APAR IJ55268. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ55268 advisory.

  - A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can     trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that     can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to     sensitive data being corrupted in memory. (CVE-2025-49796)

  - A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under     certain circumstances when the XML schematron has the <sch:name path=.../> schema elements. This flaw     allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the     program's crash using libxml or other possible undefined behaviors. (CVE-2025-49794)

  - A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This     flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
    (CVE-2025-49795)

  - A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations     can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of     service when processing crafted input. (CVE-2025-6021)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02314-1 advisory.

    - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
    - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
    - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555)
    - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
    - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow.
    (bsc#1244590)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of libxml2 installed on the remote host is prior to 2.11.9. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-196-02 advisory.

    New libxml2 packages are available for Slackware 15.0 to fix security issues.

Tenable has extracted the preceding description block directly from the libxml2 security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of libxml2 installed on the remote host is prior to 2.11.9 / 2.14.5. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-196-01 advisory.

    New libxml2 packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the libxml2 security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the abbc8912-5efa-11f0-ae84-99047d0a6bcc advisory.

    Alan Coopersmith reports:
    As discussed in                 https://gitlab.gnome.org/GNOME/libxml2/-/issues/913 the               security policy of libxml2 has been changed to disclose vulnerabilities               before fixes are available so that people other than the maintainer can                 contribute to fixing security issues in this library.
    As part of this, the following 5 CVE's have been disclosed recently:
    (CVE-2025-49794) Heap use after free (UAF) leads to Denial of service (DoS)                 https://gitlab.gnome.org/GNOME/libxml2/-/issues/931 [...]     (CVE-2025-49795) Null pointer dereference leads to Denial of service (DoS)                 https://gitlab.gnome.org/GNOME/libxml2/-/issues/932 [...]     (CVE-2025-49796) Type confusion leads to Denial of service (DoS)                 https://gitlab.gnome.org/GNOME/libxml2/-/issues/933 [...]     For all three of the above, note that upstream is considering removing Schematron support completely, as     discussed in                 https://gitlab.gnome.org/GNOME/libxml2/-/issues/935.
    (CVE-2025-6021) Integer Overflow Leading to Buffer Overflow in xmlBuildQName()                 https://gitlab.gnome.org/GNOME/libxml2/-/issues/926 [...]     (CVE-2025-6170) Stack-based Buffer Overflow in xmllint Shell                 https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 [...]

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02260-1 advisory.

    - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
    - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
    - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555)
    - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
    - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow.
    (bsc#1244590)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-10630 advisory.

    - Fix CVE-2025-6021 (RHEL-96495)
    - Fix CVE-2025-49794 (RHEL-96395)
    - Fix CVE-2025-49795 (RHEL-96408)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10630 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxml: Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794)

    * libxml: Null pointer dereference leads to Denial of service (DoS) (CVE-2025-49795)

    * libxml: Type confusion leads to Denial of service (DoS) (CVE-2025-49796)

    * libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
243464	Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2025-1103)	Nessus	Amazon Linux Local Security Checks	critical
242404	Photon OS 5.0: Libxml2 PHSA-2025-5.0-0562	Nessus	PhotonOS Local Security Checks	critical
242259	AIX : Multiple Vulnerabilities (IJ55267)	Nessus	AIX Local Security Checks	critical
242258	AIX : Multiple Vulnerabilities (IJ55269)	Nessus	AIX Local Security Checks	critical
242257	AIX : Multiple Vulnerabilities (IJ55266)	Nessus	AIX Local Security Checks	critical
242256	AIX : Multiple Vulnerabilities (IJ55268)	Nessus	AIX Local Security Checks	critical
242154	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libxml2 (SUSE-SU-2025:02314-1)	Nessus	SuSE Local Security Checks	low
242145	Slackware Linux 15.0 libxml2 Multiple Vulnerabilities (SSA:2025-196-02)	Nessus	Slackware Local Security Checks	low
242135	Slackware Linux 15.0 / current libxml2 Multiple Vulnerabilities (SSA:2025-196-01)	Nessus	Slackware Local Security Checks	low
242030	FreeBSD : libxml2 -- multiple vulnerabilities (abbc8912-5efa-11f0-ae84-99047d0a6bcc)	Nessus	FreeBSD Local Security Checks	low
241674	SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2025:02260-1)	Nessus	SuSE Local Security Checks	low
241634	Oracle Linux 10 : libxml2 (ELSA-2025-10630)	Nessus	Oracle Linux Local Security Checks	critical
241600	RHEL 10 : libxml2 (RHSA-2025:10630)	Nessus	Red Hat Local Security Checks	critical

Detections

Analytics

CVE-2025-49795

high

Tenable Plugins

Coming Soon

critical

critical

critical

critical

critical

critical

low

low

low

low

low

critical

critical