Azure Linux 3.0 Security Update: libxml2 (CVE-2025-6170)

🗓️ 30 Jul 2025 00:00:00Reported by TenableType

Azure Linux 3.0 libxml2 is vulnerable to CVE-2025-6170 due to improper input size checks in xmllint.

Reporter	Title	Published	Views	Family All 127
FreeBSD	libxml2 -- multiple vulnerabilities	27 May 202500:00	–	freebsd
ATTACKERKB	CVE-2025-6170	16 Jun 202515:24	–	attackerkb
AlpineLinux	CVE-2025-6170	16 Jun 202515:24	–	alpinelinux
CBLMariner	CVE-2025-6170 affecting package libxml2 for versions less than 2.10.4-8	29 Jul 202515:14	–	cbl_mariner
CBLMariner	CVE-2025-6170 affecting package libxml2 for versions less than 2.11.5-6	28 Jul 202521:13	–	cbl_mariner
Circl	CVE-2025-6170	16 Jun 202515:40	–	circl
CNNVD	libxml2 安全漏洞	16 Jun 202500:00	–	cnnvd
CVE	CVE-2025-6170	16 Jun 202515:24	–	cve
Cvelist	CVE-2025-6170 Libxml2: stack buffer overflow in xmllint interactive shell command handling	16 Jun 202515:24	–	cvelist
Debian	[SECURITY] [DLA 4251-1] libxml2 security update	26 Jul 202519:10	–	debian

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-6170
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(243026);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id("CVE-2025-6170");
  script_xref(name:"IAVA", value:"2025-A-0707-S");

  script_name(english:"Azure Linux 3.0 Security Update: libxml2 (CVE-2025-6170)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Azure Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of libxml2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore,
affected by a vulnerability as referenced in the CVE-2025-6170 advisory.

  - A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files.
    When a user inputs an overly long command, the program does not check the input size properly, which can
    cause it to crash. This issue might allow attackers to run harmful code in rare configurations without
    modern protections. (CVE-2025-6170)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2025-6170");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-6170");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/06/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:libxml2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:libxml2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:libxml2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:python3-libxml2");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:azure_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Azure Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AzureLinux/release", "Host/AzureLinux/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AzureLinux/release');
if (isnull(release) || 'Azure Linux' >!< release) audit(AUDIT_OS_NOT, 'Azure Linux');
var os_ver = pregmatch(pattern: "Azure Linux ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Azure Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Azure Linux 3.0', 'Azure Linux ' + os_ver);

if (!get_kb_item('Host/AzureLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Azure Linux', cpu);

var pkgs = [
    {'reference':'libxml2-2.11.5-6.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libxml2-2.11.5-6.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libxml2-debuginfo-2.11.5-6.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libxml2-debuginfo-2.11.5-6.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libxml2-devel-2.11.5-6.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'libxml2-devel-2.11.5-6.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python3-libxml2-2.11.5-6.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python3-libxml2-2.11.5-6.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Azure Linux ' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-debuginfo / libxml2-devel / python3-libxml2');
}

21 Jan 2026 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 3.12.5

EPSS0.0019

SSVC