CVE-2025-10911
MEDIUM 5.5 | EPSS 0.02%
Libxslt: use-after-free with key data stored cross-rvt
Published: 2025/9/25 | Modified: 2026/5/8
Description
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
Affected packages (4)
- Bitnami/java: from 0, < 1.8.0, >= 1.9.0, < 8.0.481
- Bitnami/java-min: from 0, < 1.8.0, >= 1.9.0, < 8.0.481
- Bitnami/jre: from 0, < 1.8.0, >= 1.9.0, < 8.0.481
- Debian/libxslt: from 0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References (7)
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2025-10911
- WEB: https://access.redhat.com/errata/RHSA-2026:11015
- WEB: https://access.redhat.com/security/cve/CVE-2025-10911
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=2397838
- WEB: https://gitlab.gnome.org/GNOME/libxslt/-/issues/144
- WEB: https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2025-10911