EUVD-2025-18415

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Memory corruption in libxml2 may allow denial of service from crafted XML input files.

Reporter	Title	Published	Views	Family All 287
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps	18 Dec 202501:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in libxml2 affect AIX/VIOS	17 Jul 202516:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)	3 Mar 202600:44	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to a use-after-free vulnerability due to the libxml2 package (CVE-2025-49794)	2 Sep 202514:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	7 Aug 202508:11	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities due to libxml2, python3, pam and glibc packages shipped with IBM CICS TX Advanced.	12 Aug 202511:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak	20 Oct 202522:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in libxml2	23 Sep 202521:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-49795, CVE-2025-49794 and CVE-2025-49796)	3 Sep 202507:53	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libxml2 library (CVE-2025-6021, CVE-2025-49794, CVE-2025-49796) affect Power HMC.	9 Sep 202513:52	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "458253ff-267d-3e5c-bbf6-32483310cb92",
        "vendor": {
          "name": "Red Hat"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "092f5aa6-986f-3cbc-9055-f4a4bca02741",
        "product": {
          "name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions"
        },
        "product_version": "patch: 0:2.9.13-3.el9_2.7"
      },
      {
        "id": "1388ac1c-418e-359f-b825-2bf84f41f161",
        "product": {
          "name": "Red Hat Discovery 2"
        },
        "product_version": "patch: sha256:c517869dacaf4d3650310d4a52e83706e0b311d6ebb4a9b37b1c7acff5c142ec"
      },
      {
        "id": "176a2640-ee1a-33a7-9ebd-906207bb70db",
        "product": {
          "name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support"
        },
        "product_version": "patch: 0:2.9.7-13.el8_6.10"
      },
      {
        "id": "239963d9-be50-361d-a1c6-5e6932bb634c",
        "product": {
          "name": "Red Hat Enterprise Linux 8"
        },
        "product_version": "patch: 0:2.9.7-21.el8_10.1"
      },
      {
        "id": "264ff838-1457-36e0-9a66-fa9ee9307466",
        "product": {
          "name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service"
        },
        "product_version": "patch: 0:2.9.7-13.el8_6.10"
      },
      {
        "id": "35477c4c-0c15-30c0-87a7-fc459d28565b",
        "product": {
          "name": "Red Hat Enterprise Linux 9.4 Extended Update Support"
        },
        "product_version": "patch: 0:2.9.13-10.el9_4"
      },
      {
        "id": "6887f832-da84-3312-a2ae-ea14ec0a75e1",
        "product": {
          "name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions"
        },
        "product_version": "patch: 0:2.9.7-16.el8_8.9"
      },
      {
        "id": "6c38513b-5ffa-300e-a2a5-7e4b159053d8",
        "product": {
          "name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions"
        },
        "product_version": "patch: 0:2.9.13-1.el9_0.5"
      },
      {
        "id": "6fda74ff-8289-3c93-8d76-b391879d2be9",
        "product": {
          "name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service"
        },
        "product_version": "patch: 0:2.9.7-16.el8_8.9"
      },
      {
        "id": "92743299-59d6-3c9a-bbe2-c3004faa7a30",
        "product": {
          "name": "Red Hat Insights proxy 1.5"
        },
        "product_version": "patch: sha256:c26d589f12647890b67aaa986f54d3f7c6f7f2563fb5a73f38d559e6138739d7"
      },
      {
        "id": "94a6e028-6d9b-391d-97b2-11bb5a7265ad",
        "product": {
          "name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support"
        },
        "product_version": "patch: 0:2.9.7-9.el8_4.6"
      },
      {
        "id": "9e16bdcd-d2ce-323f-8df1-6400e5976383",
        "product": {
          "name": "Red Hat Insights proxy 1.5"
        },
        "product_version": "patch: sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d"
      },
      {
        "id": "9e8ad120-4b9e-3a3a-b209-7d4da9bb89d9",
        "product": {
          "name": "Red Hat Enterprise Linux 10"
        },
        "product_version": "patch: 0:2.12.5-7.el10_0"
      },
      {
        "id": "c04af4dc-024c-354c-bbf6-d3d132492187",
        "product": {
          "name": "Red Hat Web Terminal 1.11 on RHEL 9"
        },
        "product_version": "patch: 1.11-19"
      },
      {
        "id": "cacbdefd-5ea4-3b57-b3ca-a86db0ace1cd",
        "product": {
          "name": "Red Hat Enterprise Linux 8.2 Advanced Update Support"
        },
        "product_version": "patch: 0:2.9.7-9.el8_2.3"
      },
      {
        "id": "cfcf764d-e03b-3655-95a7-d47a17ed1700",
        "product": {
          "name": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On"
        },
        "product_version": "patch: 0:2.9.7-9.el8_4.6"
      },
      {
        "id": "d7af9de7-d2c0-3ebe-ba47-29c5c3fbbd49",
        "product": {
          "name": "Red Hat Web Terminal 1.12 on RHEL 9"
        },
        "product_version": "patch: 1.12-4"
      },
      {
        "id": "d99c31d2-62f0-3661-a6fd-038fb6bac68f",
        "product": {
          "name": "Red Hat Web Terminal 1.11 on RHEL 9"
        },
        "product_version": "patch: 1.11-8"
      },
      {
        "id": "e50c42e5-d067-3f4d-8f13-253bc4c9910a",
        "product": {
          "name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support"
        },
        "product_version": "patch: 0:2.9.1-6.el7_9.10"
      },
      {
        "id": "ec5bf634-8518-314d-b21e-a90694ed531c",
        "product": {
          "name": "Red Hat Enterprise Linux 9"
        },
        "product_version": "patch: 0:2.9.13-10.el9_6"
      },
      {
        "id": "f0898d56-3110-31e0-8432-bb82ed58d984",
        "product": {
          "name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions"
        },
        "product_version": "patch: 0:2.9.7-13.el8_6.10"
      },
      {
        "id": "fb28acfd-fffe-3331-8e12-278066982d64",
        "product": {
          "name": "Red Hat Discovery 2"
        },
        "product_version": "patch: sha256:ad07f55ee75fb20310c88f154a04665bd8465d138d66c665c300f61447858344"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2025-49796
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-49796
access	www.access.redhat.com/errata/RHSA-2025:10630
access	www.access.redhat.com/errata/RHSA-2025:10698
access	www.access.redhat.com/errata/RHSA-2025:10699
access	www.access.redhat.com/errata/RHSA-2025:11580
access	www.access.redhat.com/errata/RHSA-2025:12098
access	www.access.redhat.com/errata/RHSA-2025:12099
access	www.access.redhat.com/errata/RHSA-2025:12199

03 Oct 2025 20:07Current

8.1High risk

Vulners AI Score8.1

CVSS 3.19.1

EPSS0.01777

SSVC

libxml2 vulnerability memory corruption denial of service xml input