CVE-2025-7424
Published: 10 July 2025
Summary
CVE-2025-7424 is a high-severity Type Confusion (CWE-843) vulnerability in Red Hat Enterprise Linux. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 40.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20995
Vulnerability details
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Type confusion in libxslt enables remote, unauthenticated memory corruption, crashes, denial of service, or RCE via crafted XSLT. That makes it a route to exploiting public-facing applications or remote services, and to application-level denial of service on the affected endpoint.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.