CVE-2025-32415
CVE Details
Visit the official vulnerability details page for CVE-2025-32415 to learn more.
Initial Publication
05/15/2025
Last Update
09/02/2025
Third Party Dependency
libxml2
NIST CVE Summary
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
CVE Severity
Our Official Summary
CVE-2025-32415 is a heap-based buffer under-read vulnerability in libxml2, a widely used XML parsing library. It affects versions prior to 2.13.8 and 2.14.x before 2.14.2. The under-read is triggered when a crafted XML document is validated against an XML schema containing certain identity constraints, or when a specially crafted XML schema is used, potentially causing application crashes or denial of service (DoS) conditions.
Because the containers on which this CVE is reported are not exposed, the exploitation risk is low. The impact of an exploit is limited to the container attack surface.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
4.6.41 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
Date | Revision |
---|---|
05/27/2025 | Status changed from Open to Ongoing |
05/27/2025 | Official summary added |