Cyber Resilience

CVE-2025-24855

HighPublic PoC

Published: 14 March 2025

Published
14 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
EPSS Score 0.0009 25.1th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24855 is a high-severity Use After Free (CWE-416) vulnerability in Xmlsoft Libxslt. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 25.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-24855 is a use-after-free vulnerability (CWE-416) in the numbers.c component of libxslt versions prior to 1.1.43. It arises during nested XPath evaluations, where an XPath context node can be modified but is never restored, affecting functions such as xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. The vulnerability carries a CVSS v3.1 base score of 7.8 (High), with vector AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H.

A local attacker can exploit this vulnerability with high attack complexity, requiring no privileges or user interaction. Successful exploitation changes scope and results in high impacts to integrity and availability, though confidentiality is unaffected.

Mitigation details are available in advisories such as the GNOME libxslt GitLab issue at https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 and the Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/03/msg00015.html, published around the CVE disclosure on 2025-03-14.

EU & UK References

Vulnerability details

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local use-after-free in libxslt with no privileges required, high attack complexity, scope change, and high integrity impact directly enables exploitation for privilege escalation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-55549Same product: Xmlsoft Libxslt
CVE-2022-49043Same vendor: Xmlsoft
CVE-2024-56171Same vendor: Xmlsoft
CVE-2026-47331Shared CWE-416
CVE-2026-23111Shared CWE-416
CVE-2026-9970Shared CWE-416
CVE-2026-27909Shared CWE-416
CVE-2026-9932Shared CWE-416
CVE-2026-31530Shared CWE-416
CVE-2025-21856Shared CWE-416

Affected Assets

xmlsoft
libxslt
≤ 1.1.43

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of the use-after-free flaw in libxslt, directly eliminating the vulnerability.

prevent

Mandates periodic vulnerability scanning to detect systems with vulnerable libxslt versions prior to exploitation.

prevent

Implements memory protections such as ASLR and non-executable memory to mitigate exploitation of the use-after-free in nested XPath processing.

References