CVE-2025-12863 (GCVE-0-2025-12863)
Vulnerability from cvelistv5 – Published: 2025-11-07 20:59 – Updated: 2025-11-20 12:11
This CVE was assigned for a libxml2 issue#1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283
{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-11-20T12:11:37.790Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE was assigned for a libxml2 issue#1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-12863",
"datePublished": "2025-11-07T20:59:35.021Z",
"dateRejected": "2025-11-20T12:11:37.790Z",
"dateReserved": "2025-11-07T10:30:42.765Z",
"dateUpdated": "2025-11-20T12:11:37.790Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-12863\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-11-07T21:15:40.393\",\"lastModified\":\"2025-11-20T15:17:23.673\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This CVE was assigned for a libxml2 issue#1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283\"}],\"metrics\":{},\"references\":[]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"rejectedReasons\": [{\"lang\": \"en\", \"value\": \"This CVE was assigned for a libxml2 issue#1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283\"}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-20T12:11:37.790Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-12863\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"state\": \"REJECTED\", \"assignerShortName\": \"redhat\", \"dateReserved\": \"2025-11-07T10:30:42.765Z\", \"datePublished\": \"2025-11-07T20:59:35.021Z\", \"dateUpdated\": \"2025-11-20T12:11:37.790Z\", \"dateRejected\": \"2025-11-20T12:11:37.790Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2025-2515
Vulnerability from csaf_certbund - Published: 2025-11-06 23:00 - Updated: 2025-11-09 23:00
Summary
libxml2: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
libxml ist ein C Parser und Toolkit, welches für das Gnome Projekt entwickelt wurde.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "libxml ist ein C Parser und Toolkit, welches f\u00fcr das Gnome Projekt entwickelt wurde.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2515 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2515.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2515 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2515"
},
{
"category": "external",
"summary": "Red Hat Bugtracker #2413323 vom 2025-11-07",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413323"
}
],
"source_lang": "en-US",
"title": "libxml2: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-11-09T23:00:00.000+00:00",
"generator": {
"date": "2025-11-10T10:17:21.570+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2515",
"initial_release_date": "2025-11-06T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-06T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-38299"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source libxml2",
"product": {
"name": "Open Source libxml2",
"product_id": "T000683",
"product_identification_helper": {
"cpe": "cpe:/a:xmlsoft:libxml2:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12863",
"product_status": {
"known_affected": [
"T000683"
]
},
"release_date": "2025-11-06T23:00:00.000+00:00",
"title": "CVE-2025-12863"
}
]
}
WID-SEC-W-2025-2563
Vulnerability from csaf_certbund - Published: 2025-11-11 23:00 - Updated: 2025-12-14 23:00
Summary
Microsoft Azure Linux: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Microsoft Azure Linux ist eine von Microsoft entwickelte Linux-Distribution, die für die Ausführung von Workloads in der Azure-Cloud optimiert ist.
Windows ist ein Betriebssystem von Microsoft.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Microsoft Azure Linux und Microsoft Windows ausnutzen um erhöhte Privilegien zu erlangen, beliebigen Code auszuführen, die Authentifizierung zu umgehen, Spoofing-Angriffe durchzuführen, einen Denial-of-Service-Zustand zu verursachen oder andere, nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Microsoft Azure Linux ist eine von Microsoft entwickelte Linux-Distribution, die f\u00fcr die Ausf\u00fchrung von Workloads in der Azure-Cloud optimiert ist.\r\nWindows ist ein Betriebssystem von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft Azure Linux und Microsoft Windows ausnutzen um erh\u00f6hte Privilegien zu erlangen, beliebigen Code auszuf\u00fchren, die Authentifizierung zu umgehen, Spoofing-Angriffe durchzuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2563 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2563.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2563 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2563"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4288-1 vom 2025-11-28",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2I3DAC5P7RIJP4M7YPNYJVIE4ZG7RSHV/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-2F6CA95A74 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-2f6ca95a74"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-7C468696D2 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-7c468696d2"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-D39F46567C vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-d39f46567c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-2CA3289343 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-2ca3289343"
}
],
"source_lang": "en-US",
"title": "Microsoft Azure Linux: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-14T23:00:00.000+00:00",
"generator": {
"date": "2025-12-15T10:15:06.656+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2563",
"initial_release_date": "2025-11-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-30T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azl3 nghttp2 1.61.0-2 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0",
"product_id": "T048506",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 libarchive 3.7.7-3 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0",
"product_id": "T048507",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 kernel 6.6.104.2-4 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0",
"product_id": "T048508",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 curl 8.11.1-4 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0",
"product_id": "T048509",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 cmake 3.30.3-10 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0",
"product_id": "T048510",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 mysql 8.0.44-2 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0",
"product_id": "T048512",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 libxml2 2.11.5-7 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0",
"product_id": "T048513",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 rust 1.75.0-21 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0",
"product_id": "T048514",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 containerd2 2.0.0-14 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0",
"product_id": "T048515",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 rust 1.86.0-9 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0",
"product_id": "T048516",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 kubevirt 1.5.0-5 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0",
"product_id": "T048517",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 runc 1.3.3-1 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0",
"product_id": "T048518",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Subsystem for Linux GUI",
"product": {
"name": "Microsoft Windows Subsystem for Linux GUI",
"product_id": "T048511",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows:subsystem_for_linux_gui"
}
}
}
],
"category": "product_name",
"name": "Windows"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25621",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2024-25621"
},
{
"cve": "CVE-2025-10966",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-10966"
},
{
"cve": "CVE-2025-12863",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-12863"
},
{
"cve": "CVE-2025-12875",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-12875"
},
{
"cve": "CVE-2025-31133",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-40107",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-40107"
},
{
"cve": "CVE-2025-40109",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-40109"
},
{
"cve": "CVE-2025-52565",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-60753",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-60753"
},
{
"cve": "CVE-2025-62220",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-62220"
},
{
"cve": "CVE-2025-64329",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64329"
},
{
"cve": "CVE-2025-64432",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64432"
},
{
"cve": "CVE-2025-64433",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64433"
},
{
"cve": "CVE-2025-64434",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64434"
},
{
"cve": "CVE-2025-64435",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64435"
},
{
"cve": "CVE-2025-64436",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64436"
},
{
"cve": "CVE-2025-64437",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64437"
}
]
}
FKIE_CVE-2025-12863
Vulnerability from fkie_nvd - Published: 2025-11-07 21:15 - Updated: 2025-11-20 15:17
Severity ?
Summary
Rejected reason: This CVE was assigned for a libxml2 issue#1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE was assigned for a libxml2 issue#1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283"
}
],
"id": "CVE-2025-12863",
"lastModified": "2025-11-20T15:17:23.673",
"metrics": {},
"published": "2025-11-07T21:15:40.393",
"references": [],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Rejected"
}
GHSA-9FWQ-22J4-XFWR
Vulnerability from github – Published: 2025-11-07 21:31 – Updated: 2025-11-07 21:31
Details
A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory region when the original document is destroyed. As a result, subsequent operations that access the namespace can lead to a use-after-free condition, causing an application crash.
Severity ?
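7.5 (High). Note: this advisory is unreviewed by GitHub and was last modified on 2025-11-07, before the CVE record for CVE-2025-12863 was rejected on 2025-11-20 as not valid; the score reflects the original report, not the current state of the CVE.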
{
"affected": [],
"aliases": [
"CVE-2025-12863"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-07T21:15:40Z",
"severity": "HIGH"
},
"details": "A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory region when the original document is destroyed. As a result, subsequent operations that access the namespace can lead to a use-after-free condition, causing an application crash.",
"id": "GHSA-9fwq-22j4-xfwr",
"modified": "2025-11-07T21:31:21Z",
"published": "2025-11-07T21:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12863"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-12863"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413323"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2025-12863
Vulnerability from csaf_microsoft - Published: 2025-11-02 00:00 - Updated: 2025-11-11 01:01
Summary
Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12863 Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-12863.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2",
"tracking": {
"current_release_date": "2025-11-11T01:01:30.000Z",
"generator": {
"date": "2026-01-03T09:42:28.021Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-12863",
"initial_release_date": "2025-11-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-11-11T01:01:30.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "cbl2 libxml2 2.10.4-9",
"product": {
"name": "cbl2 libxml2 2.10.4-9",
"product_id": "2"
}
},
{
"category": "product_version_range",
"name": "azl3 libxml2 2.11.5-7",
"product": {
"name": "azl3 libxml2 2.11.5-7",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "libxml2"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libxml2 2.10.4-9 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libxml2 2.11.5-7 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12863",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17086-2",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12863 Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-12863.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2025-11-11T01:01:30.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-2"
]
},
{
"category": "none_available",
"date": "2025-11-11T01:01:30.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17086-2",
"17084-1"
]
}
],
"title": "Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.