Vulnerability details: VCID-e7ny-dgdx-wqhb
Vulnerability ID VCID-e7ny-dgdx-wqhb
Aliases CVE-2025-32414
Summary In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3 5.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32414.json
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2025-32414
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2025-32414
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2025-32414
cvssv3.1 5.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.6 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
ssvc Track https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2025-32414
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32414.json
https://api.first.org/data/v1/epss?cve=CVE-2025-32414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
1102521 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102521
2358121 https://bugzilla.redhat.com/show_bug.cgi?id=2358121
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414
RHSA-2025:12098 https://access.redhat.com/errata/RHSA-2025:12098
RHSA-2025:12237 https://access.redhat.com/errata/RHSA-2025:12237
RHSA-2025:12239 https://access.redhat.com/errata/RHSA-2025:12239
RHSA-2025:12240 https://access.redhat.com/errata/RHSA-2025:12240
RHSA-2025:12241 https://access.redhat.com/errata/RHSA-2025:12241
RHSA-2025:13428 https://access.redhat.com/errata/RHSA-2025:13428
RHSA-2025:13429 https://access.redhat.com/errata/RHSA-2025:13429
RHSA-2025:13677 https://access.redhat.com/errata/RHSA-2025:13677
RHSA-2025:13681 https://access.redhat.com/errata/RHSA-2025:13681
RHSA-2025:13683 https://access.redhat.com/errata/RHSA-2025:13683
RHSA-2025:13684 https://access.redhat.com/errata/RHSA-2025:13684
RHSA-2025:8958 https://access.redhat.com/errata/RHSA-2025:8958
USN-7467-1 https://usn.ubuntu.com/7467-1/
USN-7467-2 https://usn.ubuntu.com/7467-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32414.json
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): low
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): low
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L Found at https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): low

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:56:33Z/ Found at https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-32414
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Exploit Prediction Scoring System (EPSS)
Percentile 0.02707
EPSS Score 0.00017
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:30:37.665083+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.19/main.json 37.0.0