Cyber Resilience

CVE-2025-24928

High

Published: 18 February 2025

Published
18 February 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS Score 0.0024 46.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24928 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Xmlsoft Libxml2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 46.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-24928 is a stack-based buffer overflow in the xmlSnprintfElements function within valid.c of libxml2. It affects libxml2 versions before 2.12.10 and 2.13.x before 2.13.6. Exploitation requires DTD validation to occur for an untrusted document or untrusted DTD. The vulnerability is classified as CWE-121 (stack-based buffer overflow) with a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N). It is similar to CVE-2017-9047.

A local attacker with no privileges can exploit this vulnerability, though it requires high attack complexity and no user interaction. Successful exploitation can result in high confidentiality and integrity impacts with a changed scope, potentially enabling code execution or data tampering during XML processing that involves DTD validation.

Advisories recommend upgrading to libxml2 2.12.10 or later (for the 2.12 branch) or 2.13.6 or later (for the 2.13 branch). The libxml2 GitLab issue at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 tracks the fix, while OSS-Fuzz issue https://issues.oss-fuzz.com/issues/392687022 documents the discovery. Debian LTS announcement https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html provides patches for affected Debian versions, and NetApp advisory https://security.netapp.com/advisory/ntap-20250321-0006/ covers mitigation in NetApp products.

EU & UK References

Vulnerability details

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The local stack-based buffer overflow in libxml2 (requiring no privileges) enables code execution with changed scope and high C/I impact during DTD validation, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-56171Same product: Netapp Active Iq Unified Manager
CVE-2025-26512Same product class: NAS / storage appliance
CVE-2023-4911Same product: Netapp H300S
CVE-2024-54085Same product: Netapp H300S
CVE-2025-30273Same product class: NAS / storage appliance
CVE-2025-59383Same product class: NAS / storage appliance
CVE-2024-53697Same product class: NAS / storage appliance
CVE-2025-48725Same product class: NAS / storage appliance
CVE-2022-0847Same product: Netapp H300S
CVE-2025-0411Same product: Netapp Active Iq Unified Manager

Affected Assets

netapp
active iq unified manager
all versions
netapp
manageability software development kit
all versions
netapp
ontap
9
netapp
solidfire \& hci management node
all versions
xmlsoft
libxml2
≤ 2.12.10 · 2.13.0 — 2.13.6
netapp
hci compute node
all versions
netapp
h410c firmware
all versions
netapp
h300s firmware
all versions
netapp
h500s firmware
all versions
netapp
h700s firmware
all versions
+1 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation requires patching libxml2 to version 2.12.10 or later, directly eliminating the stack-based buffer overflow in xmlSnprintfElements during DTD validation.

prevent

Memory protection safeguards such as stack canaries and address space randomization directly mitigate exploitation of the stack-based buffer overflow in libxml2's valid.c.

prevent

Least functionality disables unnecessary DTD validation in libxml2 when processing untrusted documents or DTDs, preventing the precondition required to trigger the buffer overflow.

References