CVE-2025-24855

HIGH7.8EPSS 0.09%

Published: 3/14/2025Modified: 5/8/2026

Description

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

Affected packages (5)

Alpine/libxsltfrom 0, < 1.1.38-r1
Bitnami/javafrom 0, < 1.8.0, >= 1.9.0, < 8.0.461
Bitnami/java-minfrom 0, < 1.8.0, >= 1.9.0, < 8.0.461
Bitnami/jrefrom 0, < 1.8.0, >= 1.9.0, < 8.0.461
Debian/libxsltfrom 0, < 1.1.34-4+deb11u2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (5)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2025-24855
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-24855
WEBhttps://gitlab.gnome.org/GNOME/libxslt/-/issues/128
WEBhttps://lists.debian.org/debian-lts-announce/2025/03/msg00015.html
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2025-24855