EUVD-2025-18175

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Flaw in libxml2's xmlBuildQName can cause buffer overflow and denial of service from crafted input

Reporter	Title	Published	Views	Family All 288
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in libxml2 affect AIX/VIOS	17 Jul 202516:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)	3 Mar 202600:44	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to a use-after-free vulnerability due to the libxml2 package (CVE-2025-49794)	2 Sep 202514:33	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to libxml2, python3, pam and glibc packages shipped with IBM CICS TX Advanced.	12 Aug 202511:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images	5 Sep 202519:04	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libxml2 library (CVE-2025-6021, CVE-2025-49794, CVE-2025-49796) affect Power HMC.	9 Sep 202513:52	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)	11 Nov 202514:43	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libxml2 affects IBM Cloud Pak System[CVE-2025-6021]	25 Feb 202608:51	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to libxml2, python3 and pam packages shipped with TXSeries for Multiplatforms.	12 Aug 202511:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization	14 Aug 202516:48	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "0cf57307-7a40-3789-a414-989334012863",
        "vendor": {
          "name": "Red Hat"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0061ebc9-6633-320e-b9e5-0905b7bbb628",
        "product": {
          "name": "Red Hat OpenShift Container Platform 4.18"
        },
        "product_version": "patch: 418.94.202508060022-0"
      },
      {
        "id": "0c0a6245-78ec-3633-aef1-847c49fa7fa6",
        "product": {
          "name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service"
        },
        "product_version": "patch: 0:2.9.7-13.el8_6.10"
      },
      {
        "id": "34bc37e6-293d-3bc3-8621-13fd8df1b70a",
        "product": {
          "name": "Red Hat Enterprise Linux 8"
        },
        "product_version": "patch: 0:2.9.7-21.el8_10.1"
      },
      {
        "id": "4844bfe8-35b1-3c2d-8586-50a119e77b3f",
        "product": {
          "name": "Red Hat Enterprise Linux 9"
        },
        "product_version": "patch: 0:2.9.13-10.el9_6"
      },
      {
        "id": "48bd5b34-c710-3035-ad41-fcf4470115a9",
        "product": {
          "name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions"
        },
        "product_version": "patch: 0:2.9.7-13.el8_6.10"
      },
      {
        "id": "4e8891ea-c1f6-393a-9a20-1c0191fa37d4",
        "product": {
          "name": "Red Hat Enterprise Linux 8.2 Advanced Update Support"
        },
        "product_version": "patch: 0:2.9.7-9.el8_2.3"
      },
      {
        "id": "5c4e9008-54d2-3d97-9f87-fb613e321ce9",
        "product": {
          "name": "Red Hat Discovery 2"
        },
        "product_version": "patch: sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344"
      },
      {
        "id": "5ec53e28-38ab-3e59-a507-99d4e38fada3",
        "product": {
          "name": "Red Hat Enterprise Linux 9.4 Extended Update Support"
        },
        "product_version": "patch: 0:2.9.13-10.el9_4"
      },
      {
        "id": "6979a2da-6565-3a95-81a3-c81174053cd7",
        "product": {
          "name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions"
        },
        "product_version": "patch: 0:2.9.13-1.el9_0.5"
      },
      {
        "id": "7d616028-d979-3c8a-810e-c8afa951dfae",
        "product": {
          "name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service"
        },
        "product_version": "patch: 0:2.9.7-16.el8_8.9"
      },
      {
        "id": "81362e5f-48e7-3fa7-a1f9-43b25fed6f98",
        "product": {
          "name": "Red Hat OpenShift Container Platform 4.14"
        },
        "product_version": "patch: 414.92.202508041909-0"
      },
      {
        "id": "86581fa9-aa7b-32e1-bb66-e138f3bab3f9",
        "product": {
          "name": "Red Hat Insights proxy 1.5"
        },
        "product_version": "patch: sha256:c26d589f12647890b67aaa986f54d3f7c6f7f2563fb5a73f38d559e6138739d7"
      },
      {
        "id": "90ad7a9f-aea5-3c15-80de-7ccec02ddf46",
        "product": {
          "name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions"
        },
        "product_version": "patch: 0:2.9.7-16.el8_8.9"
      },
      {
        "id": "a44a8ff3-d917-308f-a4b1-a76bcb4a30c9",
        "product": {
          "name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support"
        },
        "product_version": "patch: 0:2.9.1-6.el7_9.10"
      },
      {
        "id": "bb2ab783-6448-3b9f-8d7f-c00881a0f35b",
        "product": {
          "name": "Red Hat Insights proxy 1.5"
        },
        "product_version": "patch: sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d"
      },
      {
        "id": "bc36d139-616e-331a-8ef6-5fa1ee5ee8c4",
        "product": {
          "name": "Red Hat OpenShift Container Platform 4.16"
        },
        "product_version": "patch: 416.94.202508050040-0"
      },
      {
        "id": "c10ecd3c-2c55-3b11-a684-163ccce5731a",
        "product": {
          "name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support"
        },
        "product_version": "patch: 0:2.9.7-9.el8_4.6"
      },
      {
        "id": "c9369b10-730e-3a09-86c3-bc540f31976e",
        "product": {
          "name": "Red Hat Enterprise Linux 10"
        },
        "product_version": "patch: 0:2.12.5-7.el10_0"
      },
      {
        "id": "c9e1885a-6045-3d67-92f4-04fef4a6abfa",
        "product": {
          "name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions"
        },
        "product_version": "patch: 0:2.9.13-3.el9_2.7"
      },
      {
        "id": "d5e287e7-6887-3177-86a8-d1d24deda38e",
        "product": {
          "name": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On"
        },
        "product_version": "patch: 0:2.9.7-9.el8_4.6"
      },
      {
        "id": "e17db726-4a93-3dac-8503-9b3b81676adc",
        "product": {
          "name": "Red Hat Discovery 2"
        },
        "product_version": "patch: sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec"
      },
      {
        "id": "e67f751c-3114-36c9-9bd8-e592460daed9",
        "product": {
          "name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support"
        },
        "product_version": "patch: 0:2.9.7-13.el8_6.10"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2025-6021
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-6021
access	www.access.redhat.com/errata/RHSA-2025:10630
access	www.access.redhat.com/errata/RHSA-2025:10698
access	www.access.redhat.com/errata/RHSA-2025:10699
access	www.access.redhat.com/errata/RHSA-2025:11580
access	www.access.redhat.com/errata/RHSA-2025:12098
access	www.access.redhat.com/errata/RHSA-2025:12099
access	www.access.redhat.com/errata/RHSA-2025:12199

03 Oct 2025 20:07Current

7.8High risk

Vulners AI Score7.8

CVSS 3.17.5

EPSS0.01067

SSVC