CVE-2024-55549

HighPublic PoC

Published: 14 March 2025

Published

14 March 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

EPSS Score 0.0010 27.9th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-55549 is a high-severity Use After Free (CWE-416) vulnerability in Xmlsoft Libxslt. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 27.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly addresses the use-after-free vulnerability by requiring timely identification, testing, and deployment of patches such as upgrading libxslt to version 1.1.43 or later.

SI-16 Memory Protection partial match

prevent

Implements memory protection mechanisms like ASLR and DEP that mitigate exploitation of the use-after-free leading to memory corruption.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Enables vulnerability scanning to identify the presence of vulnerable libxslt versions affected by CVE-2024-55549.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Use-after-free in libxslt enables local arbitrary code execution (with scope change) for privilege escalation; also supports DoS but primary mapping is T1068.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

Deeper analysisAI

CVE-2024-55549 is a use-after-free vulnerability in the xsltGetInheritedNsList function within libxslt versions prior to 1.1.43. The issue arises due to improper handling related to the exclusion of result prefixes during XSLT processing, potentially leading to memory corruption when freeing and subsequently accessing deallocated memory.

The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H), indicating it requires local access with high attack complexity but no privileges or user interaction. A local attacker could exploit this to achieve high integrity and availability impacts, such as arbitrary code execution or denial of service, with a changed scope affecting the system's security.

Mitigation details are available in advisories from the GNOME libxslt issue tracker at https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 and the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/03/msg00015.html, which likely include patches upgrading to libxslt 1.1.43 or later.