CVE-2025-49796
CVE Details
Visit the official vulnerability details page for CVE-2025-49796 to learn more.
Initial Publication
06/13/2025
Last Update
09/02/2025
Third Party Dependency
libxml2
NIST CVE Summary
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
CVE Severity
Our Official Summary
This is a high-severity vulnerability (CVSS 8.2) affecting libxml2, a core XML parsing library used in numerous Linux distributions. The flaw enables a type confusion attack, potentially allowing a remote attacker to trigger denial-of-service (DoS) by causing applications to crash during XML parsing.
This issue is low risk because the containers where it is reported are not accessible without privileged access. The impact of exploitation is also low, since the attack surface is restricted to containers and they do not allow execution of arbitrary code.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
06/17/2025 | Status changed from Open to Ongoing |
06/17/2025 | Official summary added |
06/17/2025 | Advisory assigned with CRITICAL severity |