Search for vulnerabilities
Vulnerability details: VCID-h8dr-ab5d-e7f4
Vulnerability ID VCID-h8dr-ab5d-e7f4
Aliases CVE-2025-27113
Summary libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-476 NULL Pointer Dereference
System Score Found at
cvssv3 3.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-27113
cvssv3.1 4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 2.9 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861
ssvc Track https://gitlab.gnome.org/GNOME/libxml2/-/issues/861
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2025-27113
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json
https://api.first.org/data/v1/epss?cve=CVE-2025-27113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.netapp.com/advisory/ntap-20250306-0004/
1098322 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098322
2346410 https://bugzilla.redhat.com/show_bug.cgi?id=2346410
861 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113
USN-7302-1 https://usn.ubuntu.com/7302-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://gitlab.gnome.org/GNOME/libxml2/-/issues/861
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:33:43Z/ Found at https://gitlab.gnome.org/GNOME/libxml2/-/issues/861
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-27113
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.17265
EPSS Score 0.00055
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:49:27.367711+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7302-1/ 37.0.0