CVE-2025-24928

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 18, 2025

CWE ID 121

Summary

CVE-2025-24928 is a newly identified buffer overflow vulnerability affecting libxml2 before version 2.12.10 and 2.13.x before 2.13.6. This issue lies in the xmlSnprintfElements function within the valid.c file, leading to a stack-based buffer overflow. For exploitation, an untrusted document or DTD must undergo DTD validation. This vulnerability shares similarities with CVE-2017-9047.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Xmlsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/24YOTB
https://www.cve.org/CVERecord?id=CVE-2025-24928
https://nvd.nist.gov/vuln/detail/CVE-2025-24928

Back to Vulnerability Database

CVE-2025-24928

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations