Cyber Resilience

CVE-2022-49043

High

Published: 26 January 2025
Modified: 03 November 2025
KEV Added: (not listed)
Patch
CVSS Score (v3.1): 8.1 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0022 (44.9th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-49043 is a high-severity Use After Free (CWE-416) vulnerability in Xmlsoft Libxml2. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 44.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-49043 is a use-after-free vulnerability in the xmlXIncludeAddNode function within xinclude.c of libxml2 versions prior to 2.11.0. Libxml2 is a widely used XML processing library in various software ecosystems, including applications that parse XML with XInclude support. The flaw, classified under CWE-416, carries a CVSS v3.1 base score of 8.1 (AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact despite requiring local access.

An unprivileged local attacker could exploit this vulnerability by triggering the use-after-free during XML processing with XInclude enabled. The attack has high complexity, since it requires crafting specific malformed XML input that manipulates memory in xmlXIncludeAddNode, but it demands no user interaction. Successful exploitation could result in high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution, data corruption, or denial of service within the context of the affected process; because the Scope metric is Changed (S:C), the impact can extend beyond the vulnerable component's own security scope.

Mitigation involves updating to libxml2 version 2.11.0 or later; the upstream fix is the commit at https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b. Debian LTS users should refer to the announcement at https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html for backported fixes in supported releases. Additionally, PHP integrators should review https://github.com/php/php-src/issues/17467 for related discussion of libxml2 dependency handling.

EU & UK References

Vulnerability details

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

CWE(s)

CWE-416 (Use After Free)
Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Use-after-free in XML library enables local arbitrary code execution via crafted input, directly facilitating exploitation for privilege escalation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-55549 (same vendor: Xmlsoft)
CVE-2025-24855 (same vendor: Xmlsoft)
CVE-2025-27113 (same product: Xmlsoft Libxml2)
CVE-2024-56171 (same product: Xmlsoft Libxml2)
CVE-2022-49411 (shared CWE-416)
CVE-2026-47331 (shared CWE-416)
CVE-2026-23111 (shared CWE-416)
CVE-2026-9970 (shared CWE-416)
CVE-2026-27909 (shared CWE-416)
CVE-2026-9932 (shared CWE-416)

Affected Assets

xmlsoft
libxml2
≤ 2.11.0

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

Prevent: SI-2 (Flaw Remediation) mandates identification, reporting, and timely correction of software flaws, directly requiring patching of vulnerable libxml2 versions prior to 2.11.0 to eliminate the use-after-free vulnerability.

Prevent: SI-16 (Memory Protection) enforces memory protection mechanisms such as ASLR, DEP, and guard pages that directly mitigate exploitation of the use-after-free in xmlXIncludeAddNode.

Detect: RA-5 (Vulnerability Monitoring and Scanning) requires vulnerability scanning to detect and prioritize systems affected by CVE-2022-49043 in libxml2 for subsequent remediation.
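The mitigation paragraph (update to libxml2 2.11.0 or later) and the RA-5 control above both come down to one operational task: finding the libxml2 builds on your estate that are still below the fix boundary. The script below is an added example written for this page, not code from the CVE record, from the libxml2 project, or from any scanner. It assumes an inventory of (host, version) pairs, which is a constructed format, and it accepts both dotted version strings (as package managers report them, including distribution suffixes) and libxml2's own packed LIBXML_VERSION form, which is what the library's public xmlParserVersion symbol exposes at runtime ("21100" is 2.11.0). Because Debian LTS ships the fix as a backport under a pre-2.11.0 version number, a version below the boundary is reported as needing review rather than as confirmed vulnerable; the sample hosts are constructed.

```python
"""Added example: triage libxml2 builds against the CVE-2022-49043 fix boundary
(use-after-free in xmlXIncludeAddNode, fixed upstream in libxml2 2.11.0).

Assumptions not stated on the page: inventory records are (host, version)
pairs, and a version string is either dotted ("2.10.3", "2.9.14+dfsg-1.3~deb12u1")
or libxml2's packed LIBXML_VERSION form ("21004" == 2.10.4).
"""
import ctypes
import ctypes.util
import re

FIXED_VERSION = (2, 11, 0)  # upstream fix ships in libxml2 2.11.0


def parse_libxml2_version(text: str) -> tuple:
    """Normalise a libxml2 version string to a (major, minor, micro) tuple."""
    # Dotted form; trailing distribution suffixes ("-1", "+dfsg", "~deb12u1") are ignored.
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if m:
        return tuple(int(x) for x in m.groups())
    # Packed form used by LIBXML_VERSION / xmlParserVersion:
    # major*10000 + minor*100 + micro, e.g. "21100" -> (2, 11, 0).
    m = re.fullmatch(r"\s*(\d)(\d{2})(\d{2})\s*", text)
    if m:
        return tuple(int(x) for x in m.groups())
    raise ValueError(f"unrecognised libxml2 version string: {text!r}")


def is_fixed_upstream(version: str) -> bool:
    """True when the version is at or above the upstream fix boundary (2.11.0)."""
    return parse_libxml2_version(version) >= FIXED_VERSION


def classify(version: str) -> str:
    """'patched' for >= 2.11.0; 'review' for older builds.

    Older builds may carry a distribution backport (e.g. the Debian LTS update
    the record cites), and the version number alone cannot prove that, so they
    need package-level confirmation rather than an automatic 'vulnerable' verdict.
    """
    return "patched" if is_fixed_upstream(version) else "review"


def triage(inventory) -> list:
    """Return the (host, version) records that still need attention, in input order."""
    return [(host, ver) for host, ver in inventory if classify(ver) == "review"]


def runtime_libxml2_version():
    """Read xmlParserVersion from the libxml2 shared library on this host.

    Returns the packed version string (e.g. "21100") or None when libxml2 is
    not installed or the symbol cannot be read. Only the public
    xmlParserVersion symbol is used.
    """
    name = ctypes.util.find_library("xml2")
    if not name:
        return None
    try:
        lib = ctypes.CDLL(name)
        raw = ctypes.c_char_p.in_dll(lib, "xmlParserVersion").value
    except (OSError, ValueError):
        return None
    return raw.decode() if raw else None


# Constructed sample inventory for the demonstration (not real hosts).
SAMPLE_INVENTORY = [
    ("build-01", "2.10.3"),                    # below boundary: review
    ("web-02", "2.11.0"),                      # exactly the fix release: patched
    ("lts-03", "2.9.14+dfsg-1.3~deb12u1"),     # Debian-style string: review (possible backport)
    ("ci-04", "21204"),                        # packed form for 2.12.4: patched
]

if __name__ == "__main__":
    for host, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: libxml2 {version} is below 2.11.0; confirm a backport or update")
    local = runtime_libxml2_version()
    if local:
        print(f"this host: xmlParserVersion={local} -> {classify(local)}")
```

The runtime probe is the check that matters for applications that load libxml2 dynamically (the PHP integration the record points to is one such case): the package manager's version and the library actually mapped into the process can differ when a vendored or locally built copy is present.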

References