CVE-2025-6021
Published: 12 June 2025
Summary
CVE-2025-6021 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Red Hat OpenShift Container Platform. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked in the top 15.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Deeper analysis
A flaw exists in libxml2 within the xmlBuildQName function, where integer overflows during buffer size calculations produce a stack-based buffer overflow. The affected component is the widely used libxml2 library, and the issue manifests as memory corruption or denial of service when the library processes specially crafted input. The vulnerability carries a CVSS 3.1 base score of 7.5 with network attack vector, low complexity, and no required privileges or user interaction.
An unauthenticated remote attacker can supply malicious XML content to any application that links against the vulnerable libxml2 version, triggering the overflow to corrupt memory or crash the process and thereby achieve a high-impact denial of service. No confidentiality or integrity impact is possible according to the provided scoring.
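The bug class described above (a buffer-size check computed in a signed 32-bit integer that wraps) is shown below beside an overflow-checked form. This is an added example, not libxml2's code or the Red Hat patch; `fits_int_math`, `fits_checked` and `build_qname` are hypothetical names, and the lengths are passed as numbers so that no multi-gigabyte input is needed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern: the required size is computed in 32-bit signed int.
 * Wraparound is emulated with uint32_t so this demo has no undefined
 * behaviour; the final cast wraps on gcc/clang (implementation-defined). */
static int fits_int_math(size_t local_len, size_t prefix_len, int buf_len)
{
    uint32_t sum = (uint32_t)local_len + (uint32_t)prefix_len + 2u;
    int32_t need = (int32_t)sum;      /* huge inputs make this negative */
    return buf_len >= need;           /* 1 = "fits", even when it cannot */
}

/* Hardened pattern: stay in size_t and reject before any addition wraps. */
static int fits_checked(size_t local_len, size_t prefix_len, size_t buf_len)
{
    if (local_len > SIZE_MAX - 2 || prefix_len > SIZE_MAX - 2 - local_len)
        return 0;
    return local_len + prefix_len + 2 <= buf_len;   /* ':' and NUL */
}

/* Hypothetical helper: writes "prefix:local" into buf, or returns -1. */
static int build_qname(const char *local, const char *prefix,
                       char *buf, size_t buf_len)
{
    size_t ln = strlen(local), lp = strlen(prefix);
    if (!fits_checked(ln, lp, buf_len))
        return -1;
    memcpy(buf, prefix, lp);
    buf[lp] = ':';
    memcpy(buf + lp + 1, local, ln + 1);   /* copies the NUL too */
    return 0;
}

int main(void)
{
    char buf[8];   /* constructed sample: exactly fits "ns:item" */
    printf("int math accepts oversized input: %d\n",
           fits_int_math((size_t)INT32_MAX, 1, 64));
    printf("checked math accepts it: %d\n",
           fits_checked((size_t)INT32_MAX, 1, 64));
    if (build_qname("item", "ns", buf, sizeof buf) == 0)
        printf("qname: %s\n", buf);
    return 0;
}
```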
Red Hat has published multiple errata (RHSA-2025:10630, RHSA-2025:10698, RHSA-2025:10699, RHSA-2025:11580, RHSA-2025:11673) that deliver patched libxml2 packages for affected Red Hat Enterprise Linux distributions.
The associated EPSS score remains flat at 0.0212 with no observed rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-18175
Vulnerability details
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
CVE-2025-6021 and related libxml2 vulnerabilities (integer overflow leading to stack buffer overflow, heap UAF, null pointer dereference, type confusion) enable denial of service via exploitation of applications processing crafted XML input.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.