CVE-2025-6170

LOW EPSS 8.8%

Published Jun 16, 20251y ago · Modified Jun 17, 20261w ago

2.5 CVSS 3.1

Low

Published Jun 16, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

CVSS Details

Base Score

2.5

Exploitability

1.0

Impact

1.4

Vector string

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector Local

Attack Complexity High

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality None

Integrity None

Availability Low

Threat Intelligence

EPSS Exploit Probability

8.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-121

Affected Products 8

Vendor	Product	Version	Range
redhat	jboss_core_services	*	any
redhat	openshift_container_platform	4.0	any
redhat	enterprise_linux	6.0	any
redhat	enterprise_linux	7.0	any
redhat	enterprise_linux	8.0	any
redhat	enterprise_linux	9.0	any
redhat	enterprise_linux	10.0	any
xmlsoft	libxml2	*	any

References 6

access.redhat.com https://access.redhat.com/errata/RHSA-2026:7519
access.redhat.com https://access.redhat.com/security/cve/CVE-2025-6170

MitigationThird Party Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2372952

Issue TrackingThird Party Advisory
cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-253495.html
gitlab.gnome.org https://gitlab.gnome.org/GNOME/libxml2/-/issues/941
lists.debian.org https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.