VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-6s1u-2xvj-vkbz

Essentials
Severities (24)
References (24)
Severity details (5)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6s1u-2xvj-vkbz
Aliases	CVE-2025-32415
Summary	In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1284	Improper Validation of Specified Quantity in Input
CWE-125	Out-of-bounds Read

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2025-32415
cvssv3.1	2.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	2.9	https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
ssvc	Track	https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2025-32415

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-32415
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
1103511		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103511
2360768		https://bugzilla.redhat.com/show_bug.cgi?id=2360768
cpe:2.3:a:xmlsoft:libxml2::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
CVE-2025-32415		https://nvd.nist.gov/vuln/detail/CVE-2025-32415
RHSA-2025:13203		https://access.redhat.com/errata/RHSA-2025:13203
RHSA-2025:13428		https://access.redhat.com/errata/RHSA-2025:13428
RHSA-2025:13429		https://access.redhat.com/errata/RHSA-2025:13429
RHSA-2025:13622		https://access.redhat.com/errata/RHSA-2025:13622
RHSA-2025:13677		https://access.redhat.com/errata/RHSA-2025:13677
RHSA-2025:13681		https://access.redhat.com/errata/RHSA-2025:13681
RHSA-2025:13683		https://access.redhat.com/errata/RHSA-2025:13683
RHSA-2025:13684		https://access.redhat.com/errata/RHSA-2025:13684
RHSA-2025:13688		https://access.redhat.com/errata/RHSA-2025:13688
RHSA-2025:13689		https://access.redhat.com/errata/RHSA-2025:13689
RHSA-2025:13788		https://access.redhat.com/errata/RHSA-2025:13788
RHSA-2025:13789		https://access.redhat.com/errata/RHSA-2025:13789
RHSA-2025:13806		https://access.redhat.com/errata/RHSA-2025:13806
USN-7467-1		https://usn.ubuntu.com/7467-1/
USN-7467-2		https://usn.ubuntu.com/7467-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://gitlab.gnome.org/GNOME/libxml2/-/issues/890

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T18:38:26Z/ Found at https://gitlab.gnome.org/GNOME/libxml2/-/issues/890

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-32415

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.0574
EPSS Score	0.00027
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:40:31.970945+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/edge/main.json	37.0.0