Cyber Resilience

CVE-2025-27113

Severity: Low · Public PoC

Published: 18 February 2025
Modified: 03 November 2025
KEV Added: none
CVSS Score v3.1: 2.9 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0009 (26.2nd percentile)
Risk Priority: 6 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27113 is a low-severity NULL Pointer Dereference (CWE-476) vulnerability in Xmlsoft Libxml2. Its CVSS base score is 2.9 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). EPSS ranks it at the 26.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-27113 is a NULL pointer dereference vulnerability in the xmlPatMatch function within pattern.c of the libxml2 library. It affects libxml2 versions before 2.12.10 as well as 2.13.x versions before 2.13.6. The vulnerability, classified under CWE-476, was published on 2025-02-18 and carries a CVSS v3.1 base score of 2.9.

A local attacker (AV:L) with no privileges (PR:N) and no user interaction (UI:N) required can exploit this issue through a high-complexity attack (AC:H) within unchanged scope (S:U). Successful exploitation results in limited availability impact (A:L) via a crash or denial of service, with no impact on confidentiality or integrity (C:N/I:N).

Advisories recommend upgrading to libxml2 2.12.10 or later for the 2.12 series, or 2.13.6 or later for the 2.13 series, to mitigate the issue. Further technical details are documented in the libxml2 GitLab issue at https://gitlab.gnome.org/GNOME/libxml2/-/issues/861, along with full disclosure reports at http://seclists.org/fulldisclosure/2025/Apr/10, http://seclists.org/fulldisclosure/2025/Apr/11, http://seclists.org/fulldisclosure/2025/Apr/12, and http://seclists.org/fulldisclosure/2025/Apr/13.
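The version check a defender would run against the ranges stated above, as an added example that is not code from this page or from the libxml2 project: it classifies a libxml2 version as affected when it is below 2.12.10 or a 2.13.x release below 2.13.6, and it assumes `pkg-config --modversion libxml-2.0` is available for the live lookup (it also accepts the five-digit LIBXML_VERSION form that `xmllint --version` prints; helper names are our own).

```python
"""Decide whether a libxml2 build falls in the CVE-2025-27113 affected ranges:
before 2.12.10, or 2.13.x before 2.13.6 (as stated in the advisory text)."""
import re
import subprocess

FIXED_2_12 = (2, 12, 10)   # first fixed release of the 2.12 series
FIXED_2_13 = (2, 13, 6)    # first fixed release of the 2.13 series


def parse_version(text):
    """Return (major, minor, micro) from a dotted string such as '2.13.5'.

    Also accepts the numeric LIBXML_VERSION form (e.g. '21305' -> (2, 13, 5)),
    which is what `xmllint --version` reports (assumed format)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m:
        return tuple(int(x) for x in m.groups())
    m = re.search(r"\b(\d)(\d{2})(\d{2})\b", text)
    if m:
        return tuple(int(x) for x in m.groups())
    raise ValueError(f"no libxml2 version found in {text!r}")


def is_affected(version):
    """True when the version is inside either affected range for this CVE."""
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    if v < FIXED_2_12:
        return True   # everything before 2.12.10, including 2.11.x and older
    if v[:2] == (2, 13) and v < FIXED_2_13:
        return True   # 2.13.0 through 2.13.5
    return False      # 2.12.10+, 2.13.6+ and later series carry the fix


def installed_libxml2_version():
    """Ask pkg-config for the installed libxml2 version; None if unavailable."""
    try:
        out = subprocess.run(["pkg-config", "--modversion", "libxml-2.0"],
                             capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return out.strip()


if __name__ == "__main__":
    v = installed_libxml2_version()
    if v is None:
        print("pkg-config could not report libxml2; query the package manager instead")
    else:
        verdict = "AFFECTED, upgrade to 2.12.10+/2.13.6+" if is_affected(v) else "not affected"
        print(f"libxml2 {v}: {verdict}")
```

Distribution packages often backport the fix without bumping the upstream version, so treat an "affected" verdict as a prompt to check the vendor advisory rather than as proof.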

Vulnerability details

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

CWE(s)

CWE-476 NULL Pointer Dereference

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

NULL pointer dereference in libxml2 causes crash/DoS, directly mapping to application exploitation for endpoint denial of service (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2022-49043: same product (Xmlsoft Libxml2)
CVE-2026-40413: shared CWE-476
CVE-2025-57155: shared CWE-476
CVE-2026-28390: shared CWE-476
CVE-2026-23952: shared CWE-476
CVE-2025-57156: shared CWE-476
CVE-2025-63647: shared CWE-476
CVE-2025-69624: shared CWE-476
CVE-2024-55193: shared CWE-476
CVE-2025-63648: shared CWE-476

Affected Assets

xmlsoft libxml2: ≤ 2.12.10 · 2.13.0 — 2.13.6

Mitigating Controls (NIST 800-53 r5)

prevent · SI-2 (Flaw Remediation): Directly requires timely identification, reporting, and correction of flaws such as the NULL pointer dereference in libxml2's xmlPatMatch function, through patching to version 2.12.10 or 2.13.6.

detect · RA-5 (Vulnerability Monitoring and Scanning): Vulnerability scanning detects systems running libxml2 versions affected by CVE-2025-27113.

detect: Ensures receipt of security advisories documenting CVE-2025-27113, enabling awareness and initiation of flaw remediation.
