CVE-2025-10911 in Red Hatinfo

Summary

by MITRE • 09/25/2025

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 10/03/2025

The vulnerability identified as CVE-2025-10911 represents a critical use-after-free condition within the libxslt library, a widely deployed XML stylesheet transformation library that processes xsl nodes. This flaw manifests during the parsing of XSLT elements when the library fails to properly manage memory references, creating opportunities for malicious actors to exploit the vulnerability. The issue stems from improper handling of memory allocation and deallocation sequences, where pointers to freed memory locations remain accessible and can be dereferenced by subsequent operations.

The technical implementation of this vulnerability involves the manipulation of XSLT node structures during transformation processes. When libxslt processes certain malformed or crafted XSLT documents, the parser may prematurely free memory associated with node objects while other code paths still maintain references to these locations. This creates a window where an attacker can potentially control the memory layout or overwrite freed memory with malicious content, leading to arbitrary code execution or application instability. The flaw specifically affects the memory management routines within the XSLT processing engine and demonstrates a classic memory safety issue that aligns with CWE-416, which catalogs use-after-free vulnerabilities.

From an operational perspective, this vulnerability poses significant risks to systems that rely on libxslt for XML processing tasks, particularly web applications, content management systems, and enterprise software that handle user-supplied XSLT transformations. The impact extends beyond simple application crashes to potentially enable remote code execution, making it a critical concern for organizations running vulnerable versions of libxslt. Attackers can exploit this vulnerability by crafting malicious XSLT documents that trigger the memory corruption during processing, potentially allowing them to execute arbitrary commands on affected systems or escalate privileges within the application context.

The exploitation of CVE-2025-10911 aligns with several ATT&CK techniques including privilege escalation through memory corruption and code injection via malformed input processing. Organizations should consider implementing defensive measures such as input validation, sandboxing of XSLT processing, and regular updates to libxslt versions that contain fixes for this vulnerability. The ATT&CK framework categorizes such vulnerabilities under T1059 for command and script injection, while the memory corruption aspects relate to T1068 for exploit development. System administrators should prioritize patching affected systems, implementing network segmentation to limit exposure, and monitoring for suspicious XSLT processing activities. Additionally, the vulnerability demonstrates the importance of memory safety practices in XML processing libraries and highlights the need for comprehensive testing of edge cases in transformation engines to prevent similar issues in other software components.

Responsible

Redhat

Reservation

09/24/2025

Disclosure

09/25/2025

Moderation

accepted

CPE

ready

EPSS

0.00161

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!