CVE-2025-6021

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-6021
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2025:10630 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:10698 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:10699 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:11580 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:11673
https://access.redhat.com/errata/RHSA-2025:12098 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12099 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12199 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12237 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12239 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12240 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:12241 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:13267 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:13289 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:13325 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:13335 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:13336 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:14059 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:14396 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:15308 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:15672 Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:19020
https://access.redhat.com/security/cve/CVE-2025-6021 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2372406 Issue Tracking
https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html
https://gitlab.gnome.org/GNOME/libxml2/-/issues/926 Exploit Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.18:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.18:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.18:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.18:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.17:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.18:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:10.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:in-vehicle_operating_system:1.0:*:*:*:*:*:*:*
History

29 Nov 2025, 01:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:11673 -

03 Nov 2025, 20:19

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html -
Information

Published : 2025-06-12 13:15

Updated : 2025-11-29 01:16

NVD link : CVE-2025-6021

Mitre link : CVE-2025-6021

CVE.ORG link : CVE-2025-6021

JSON object : View

Products Affected

redhat

  • enterprise_linux
  • in-vehicle_operating_system
  • enterprise_linux_eus
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_for_arm_64
  • enterprise_linux_for_arm_64_eus
  • openshift_container_platform
  • openshift_container_platform_for_linuxone
  • enterprise_linux_server_tus
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_server
  • openshift_container_platform_for_arm64
  • openshift_container_platform_for_power
  • jboss_core_services
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_server_aus
  • openshift_container_platform_for_ibm_z
  • enterprise_linux_for_ibm_z_systems

xmlsoft

  • libxml2
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write