CVE-2025-6021

CVE Details

Visit the official vulnerability details page for CVE-2025-6021 to learn more.

Initial Publication

06/13/2025

Last Update

09/02/2025

Third Party Dependency

libxml2

NIST CVE Summary

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

CVE Severity

7.5

Our Official Summary

A critical vulnerability was identified in libxml2, specifically within the xmlBuildQName() function, where integer overflow in buffer size calculations can lead to a stack-based buffer overflow. When a maliciously crafted input is processed, this flaw may cause memory corruption or a denial of service (DoS).

This vulnerability affects libxml2 but poses minimal risk in SpectroCloud-managed environments, as the vulnerable component resides in a container image not exposed externally. Exploiting the flaw requires internal access and malicious XML input, which is unlikely in typical SpectroCloud workloads. Additionally, container isolation and execution restrictions significantly reduce the impact, making the overall risk low.

Status

Ongoing

Affected Products & Versions

Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap
4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact
4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact

Revision History

Date | Revision
08/12/2025 | Status changed from Open to Ongoing
08/12/2025 | Official summary added