VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-s24p-gfz1-d7cs

Essentials
Severities (19)
References (32)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-s24p-gfz1-d7cs
Aliases	CVE-2025-24928
Summary	libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
Status	Published
Exploitability	0.5
Weighted Severity	7.0
Risk	3.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-121

Stack-based Buffer Overflow

System	Score	Found at
cvssv3	7.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-24928
cvssv3.1	6.6	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.8	https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
ssvc	Track	https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
cvssv3.1	7.8	https://issues.oss-fuzz.com/issues/392687022
ssvc	Track	https://issues.oss-fuzz.com/issues/392687022

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-24928
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.netapp.com/advisory/ntap-20250321-0006/
1098321		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098321
2346421		https://bugzilla.redhat.com/show_bug.cgi?id=2346421
392687022		https://issues.oss-fuzz.com/issues/392687022
847		https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
CVE-2025-24928		https://nvd.nist.gov/vuln/detail/CVE-2025-24928
RHSA-2025:2482		https://access.redhat.com/errata/RHSA-2025:2482
RHSA-2025:2483		https://access.redhat.com/errata/RHSA-2025:2483
RHSA-2025:2507		https://access.redhat.com/errata/RHSA-2025:2507
RHSA-2025:2513		https://access.redhat.com/errata/RHSA-2025:2513
RHSA-2025:2654		https://access.redhat.com/errata/RHSA-2025:2654
RHSA-2025:2660		https://access.redhat.com/errata/RHSA-2025:2660
RHSA-2025:2673		https://access.redhat.com/errata/RHSA-2025:2673
RHSA-2025:2678		https://access.redhat.com/errata/RHSA-2025:2678
RHSA-2025:2679		https://access.redhat.com/errata/RHSA-2025:2679
RHSA-2025:2686		https://access.redhat.com/errata/RHSA-2025:2686
RHSA-2025:2789		https://access.redhat.com/errata/RHSA-2025:2789
RHSA-2025:3055		https://access.redhat.com/errata/RHSA-2025:3055
RHSA-2025:3368		https://access.redhat.com/errata/RHSA-2025:3368
RHSA-2025:3397		https://access.redhat.com/errata/RHSA-2025:3397
RHSA-2025:3453		https://access.redhat.com/errata/RHSA-2025:3453
RHSA-2025:3569		https://access.redhat.com/errata/RHSA-2025:3569
RHSA-2025:3775		https://access.redhat.com/errata/RHSA-2025:3775
RHSA-2025:3780		https://access.redhat.com/errata/RHSA-2025:3780
RHSA-2025:3867		https://access.redhat.com/errata/RHSA-2025:3867
RHSA-2025:4005		https://access.redhat.com/errata/RHSA-2025:4005
RHSA-2025:9895		https://access.redhat.com/errata/RHSA-2025:9895
USN-7302-1		https://usn.ubuntu.com/7302-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T15:39:40Z/ Found at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://issues.oss-fuzz.com/issues/392687022

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T15:39:40Z/ Found at https://issues.oss-fuzz.com/issues/392687022

Exploit Prediction Scoring System (EPSS)

Percentile	0.00415
EPSS Score	8e-05
Published At	Aug. 2, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:30:20.629252+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.19/main.json	37.0.0