VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-3zy6-h7hv-1yhr

Essentials
Severities (56)
References (60)
Severity details (37)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-3zy6-h7hv-1yhr
Aliases	CVE-2025-6021
Summary	A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-121	Stack-based Buffer Overflow
CWE-190	Integer Overflow or Wraparound

System	Score	Found at
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:10630
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:10630
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:10698
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:10698
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:10699
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:10699
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:11580
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:11580
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:12098
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:12098
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:12099
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:12099
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:12199
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:12199
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:12237
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:12237
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:12239
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:12239
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:12240
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:12240
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:12241
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:12241
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:13267
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:13267
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:13325
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:13325
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:13335
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:13335
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2025:13336
ssvc	Track	https://access.redhat.com/errata/RHSA-2025:13336
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6021.json
cvssv3.1	7.5	https://access.redhat.com/security/cve/CVE-2025-6021
ssvc	Track	https://access.redhat.com/security/cve/CVE-2025-6021
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00252	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00261	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00261	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
epss	0.00261	https://api.first.org/data/v1/epss?cve=CVE-2025-6021
cvssv3.1	7.5	https://bugzilla.redhat.com/show_bug.cgi?id=2372406
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2372406
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux	High	https://security.archlinux.org/AVG-2899

Reference id	Reference type	URL
		https://access.redhat.com/errata/RHSA-2025:13289
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6021.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-6021
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1107720		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107720
AVG-2899		https://security.archlinux.org/AVG-2899
cpe:/a:redhat:discovery:2::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9
cpe:/a:redhat:enterprise_linux:8::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:insights_proxy:1.5::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9
cpe:/a:redhat:jboss_core_services:1		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
cpe:/a:redhat:openshift:4		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/a:redhat:openshift:4.16::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9
cpe:/a:redhat:openshift:4.18::el9		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9
cpe:/a:redhat:rhel_aus:8.2::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/a:redhat:rhel_aus:8.4::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_aus:8.6::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.8::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_e4s:9.0::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:enterprise_linux:10.0		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
cpe:/o:redhat:enterprise_linux:6		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_aus:8.2::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos
cpe:/o:redhat:rhel_aus:8.4::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.8::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_e4s:9.0::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos
cpe:/o:redhat:rhel_e4s:9.2::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos
cpe:/o:redhat:rhel_els:7		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7
cpe:/o:redhat:rhel_eus:9.4::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos
CVE-2025-6021		https://access.redhat.com/security/cve/CVE-2025-6021
RHSA-2025:10630		https://access.redhat.com/errata/RHSA-2025:10630
RHSA-2025:10698		https://access.redhat.com/errata/RHSA-2025:10698
RHSA-2025:10699		https://access.redhat.com/errata/RHSA-2025:10699
RHSA-2025:11580		https://access.redhat.com/errata/RHSA-2025:11580
RHSA-2025:12098		https://access.redhat.com/errata/RHSA-2025:12098
RHSA-2025:12099		https://access.redhat.com/errata/RHSA-2025:12099
RHSA-2025:12199		https://access.redhat.com/errata/RHSA-2025:12199
RHSA-2025:12237		https://access.redhat.com/errata/RHSA-2025:12237
RHSA-2025:12239		https://access.redhat.com/errata/RHSA-2025:12239
RHSA-2025:12240		https://access.redhat.com/errata/RHSA-2025:12240
RHSA-2025:12241		https://access.redhat.com/errata/RHSA-2025:12241
RHSA-2025:13267		https://access.redhat.com/errata/RHSA-2025:13267
RHSA-2025:13325		https://access.redhat.com/errata/RHSA-2025:13325
RHSA-2025:13335		https://access.redhat.com/errata/RHSA-2025:13335
RHSA-2025:13336		https://access.redhat.com/errata/RHSA-2025:13336
show_bug.cgi?id=2372406		https://bugzilla.redhat.com/show_bug.cgi?id=2372406

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:10630

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:10630

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:10698

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:10698

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:10699

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:10699

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:11580

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:11580

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:12098

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:12098

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:12099

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:12099

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:12199

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:12199

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:12237

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:12237

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:12239

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:12239

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:12240

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:12240

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:12241

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:12241

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:13267

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:13267

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:13325

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:13325

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:13335

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:13335

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2025:13336

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/errata/RHSA-2025:13336

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6021.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2025-6021

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://access.redhat.com/security/cve/CVE-2025-6021

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2372406

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-12T13:15:36Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2372406

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.28965
EPSS Score	0.00103
Published At	Aug. 16, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:25:33.682235+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2025/6xxx/CVE-2025-6021.json	37.0.0