CVE-2025-8732

LOW EPSS 3.3%

Published Aug 8, 202510mo ago · Modified Jun 17, 20261w ago

1.9 CVSS 4.0

Low

Published Aug 8, 2025 10mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."

CVSS Details

Base Score

1.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

3.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-404

CWE-674

References 7

cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-253495.html
drive.google.com https://drive.google.com/file/d/1woIeYVcSQB_NwfEhaVnX6MedpWJ_nqWl/view?usp=drive_link
gitlab.gnome.org https://gitlab.gnome.org/GNOME/libxml2/-/issues/958
gitlab.gnome.org https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853
vuldb.com https://vuldb.com/?ctiid.319228
vuldb.com https://vuldb.com/?id.319228
vuldb.com https://vuldb.com/?submit.622285

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.