SUSE CVE-2025-24928

🗓️ 20 Feb 2025 14:30:34Reported by Suse CVEType

SUSE CVE-2025-24928: libxml2 stack overflow in xmlSnprintfElements during untrusted DTD validation; pre 2.12.10 and 2.13.x before 2.13.6.

Reporter	Title	Published	Views	Family All 278
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libxml2 library (CVE-2024-56171, CVE-2025-24928) affect Power HMC.	7 Jul 202505:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps	25 Jun 202513:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a stack-based buffer overflow in libxml2 [CVE-2025-24928]	13 Jun 202516:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)	30 Sep 202508:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak	11 Jun 202501:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	26 Apr 202514:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	28 Apr 202519:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	19 Jun 202500:54	–	ibm
IBM Security Bulletins	Security Bulletin: Prevoius version has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c, affect watsonx.data	1 Jul 202507:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libxml2, Go JOSE and FreeType	1 May 202515:16	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Leap	15.6	any	libxml2-2	2.10.3-150500.5.23.1	libxml2-2-2.10.3-150500.5.23.1.noarch.rpm
SUSE Linux Micro	5.5	any	libxml2-2	2.10.3-150500.5.23.1	libxml2-2-2.10.3-150500.5.23.1.noarch.rpm
SUSE Linux Enterprise Desktop	15.6	any	libxml2-2	2.10.3-150500.5.23.1	libxml2-2-2.10.3-150500.5.23.1.noarch.rpm
SUSE Linux Enterprise Server	15.5	any	libxml2-2	2.10.3-150500.5.23.1	libxml2-2-2.10.3-150500.5.23.1.noarch.rpm
SUSE Linux Enterprise Server	15.6	any	libxml2-2	2.10.3-150500.5.23.1	libxml2-2-2.10.3-150500.5.23.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.5	any	libxml2-2	2.10.3-150500.5.23.1	libxml2-2-2.10.3-150500.5.23.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.6	any	libxml2-2	2.10.3-150500.5.23.1	libxml2-2-2.10.3-150500.5.23.1.noarch.rpm
SUSE Linux Micro	6.0	any	libxml2-2	2.11.6-5.1	libxml2-2-2.11.6-5.1.noarch.rpm
SUSE Linux Micro	6.1	any	libxml2-2	2.11.6-slfo.1.1_2.1	libxml2-2-2.11.6-slfo.1.1_2.1.noarch.rpm
SUSE Linux Enterprise Desktop	15.7	any	libxml2-2	2.12.10-150700.2.1	libxml2-2-2.12.10-150700.2.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2025-24928
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1237370
lists	www.lists.suse.com/pipermail/suse-liberty-linux-updates/2025-March/000996.html
lists	www.lists.suse.com/pipermail/suse-liberty-linux-updates/2025-March/000965.html
lists	www.lists.suse.com/pipermail/suse-liberty-linux-updates/2025-March/000957.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2025-February/020469.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2025-February/020468.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2025-February/020467.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2025-March/020569.html

23 May 2026 01:34Current

7.8High risk

Vulners AI Score7.8

CVSS 3.16.6

EPSS0.00375