CVE-2025-10911
MEDIUM5.5EPSS 0.02%Libxslt: use-after-free with key data stored cross-rvt
Published: 9/25/2025Modified: 4/28/2026
Also known as:DEBIAN-CVE-2025-10911
Description
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
Affected packages (4)
- Bitnami/javafrom 0, < 1.8.0, >= 1.9.0, < 8.0.481
- Bitnami/java-minfrom 0, < 1.8.0, >= 1.9.0, < 8.0.481
- Bitnami/jrefrom 0, < 1.8.0, >= 1.9.0, < 8.0.481
- Debian/libxsltfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References (7)
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-10911
- WEBhttps://access.redhat.com/errata/RHSA-2026:11015
- WEBhttps://access.redhat.com/security/cve/CVE-2025-10911
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2397838
- WEBhttps://gitlab.gnome.org/GNOME/libxslt/-/issues/144
- WEBhttps://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2025-10911