Cyber Resilience

CVE-2024-55549

HighPublic PoC

Published: 14 March 2025

Published
14 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
EPSS Score 0.0010 27.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-55549 is a high-severity Use After Free (CWE-416) vulnerability in Xmlsoft Libxslt. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 27.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2024-55549 is a use-after-free vulnerability in the xsltGetInheritedNsList function within libxslt versions prior to 1.1.43. The issue arises due to improper handling related to the exclusion of result prefixes during XSLT processing, potentially leading to memory corruption when freeing and subsequently accessing deallocated memory.

The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H), indicating it requires local access with high attack complexity but no privileges or user interaction. A local attacker could exploit this to achieve high integrity and availability impacts, such as arbitrary code execution or denial of service, with a changed scope affecting the system's security.

Mitigation details are available in advisories from the GNOME libxslt issue tracker at https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 and the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/03/msg00015.html, which likely include patches upgrading to libxslt 1.1.43 or later.

EU & UK References

Vulnerability details

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Use-after-free in libxslt enables local arbitrary code execution (with scope change) for privilege escalation; also supports DoS but primary mapping is T1068.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24855Same product: Xmlsoft Libxslt
CVE-2022-49043Same vendor: Xmlsoft
CVE-2024-56171Same vendor: Xmlsoft
CVE-2026-47331Shared CWE-416
CVE-2026-23111Shared CWE-416
CVE-2026-9970Shared CWE-416
CVE-2026-27909Shared CWE-416
CVE-2026-9932Shared CWE-416
CVE-2026-31530Shared CWE-416
CVE-2025-21856Shared CWE-416

Affected Assets

xmlsoft
libxslt
≤ 1.1.43

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the use-after-free vulnerability by requiring timely identification, testing, and deployment of patches such as upgrading libxslt to version 1.1.43 or later.

prevent

Implements memory protection mechanisms like ASLR and DEP that mitigate exploitation of the use-after-free leading to memory corruption.

detect

Enables vulnerability scanning to identify the presence of vulnerable libxslt versions affected by CVE-2024-55549.

References