Lucene search
+L

Photon OS 4.0: Libxml2 PHSA-2025-4.0-0834

🗓️ 19 Jul 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

Libxml2 package update released for Photon OS 4.0 addressing security issues.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization
5 Jun 202512:51
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
18 Dec 202501:19
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in libxml2 affect AIX/VIOS
17 Jul 202516:10
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)
3 Mar 202600:44
ibm
IBM Security Bulletins
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
26 Mar 202518:00
ibm
IBM Security Bulletins
Security Bulletin: IBM MQ Appliance is affected by a libxml2 use-after-free vulnerability (CVE-2022-49043)
2 May 202515:15
ibm
IBM Security Bulletins
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to a use-after-free vulnerability due to the libxml2 package (CVE-2025-49794)
2 Sep 202514:33
ibm
IBM Security Bulletins
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
7 Aug 202508:11
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
12 Nov 202519:08
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerabilities due to libxml2, python3, pam and glibc  packages shipped with IBM CICS TX Advanced.
12 Aug 202511:56
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2025-4.0-0834. The text
# itself is copyright (C) VMware, Inc.
##

include('compat.inc');

if (description)
{
  script_id(242403);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id(
    "CVE-2022-49043",
    "CVE-2025-49794",
    "CVE-2025-49796",
    "CVE-2025-6021"
  );
  script_xref(name:"IAVA", value:"2024-A-0067-S");
  script_xref(name:"IAVA", value:"2025-A-0707-S");

  script_name(english:"Photon OS 4.0: Libxml2 PHSA-2025-4.0-0834");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the libxml2 package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Update-4.0-834.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-49796");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libxml2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:4.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item('Host/PhotonOS/release');
if (isnull(_release) || _release !~ "^VMware Photon") audit(AUDIT_OS_NOT, 'PhotonOS');
if (_release !~ "^VMware Photon (?:Linux|OS) 4\.0(\D|$)") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');

if (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);

var flag = 0;

if (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'libxml2-2.9.12-18.ph4')) flag++;
if (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'libxml2-devel-2.9.12-18.ph4')) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Jan 2026 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.17.8 - 9.1
EPSS0.01437
SSVC
4