CVE-2025-6021: Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2
Published Jun 12, 2025
·Updated
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
Affected Software
75 affected components
libxml2 libxml2
Xmlsoft Libxml2<2.14.4
redhat JBoss Core Services
redhat OpenShift Container Platform=4.12
redhat OpenShift Container Platform=4.13
redhat OpenShift Container Platform=4.14
redhat OpenShift Container Platform=4.15
redhat OpenShift Container Platform=4.16
redhat OpenShift Container Platform=4.17
redhat OpenShift Container Platform=4.18
redhat Openshift Container Platform For Arm64=4.13
redhat Openshift Container Platform For Arm64=4.14
redhat Openshift Container Platform For Arm64=4.15
redhat Openshift Container Platform For Arm64=4.16
redhat Openshift Container Platform For Arm64=4.17
redhat Openshift Container Platform For Arm64=4.18
redhat Openshift Container Platform For Ibm Z=4.13
redhat Openshift Container Platform For Ibm Z=4.14
redhat Openshift Container Platform For Ibm Z=4.15
redhat Openshift Container Platform For Ibm Z=4.16
redhat Openshift Container Platform For Ibm Z=4.17
redhat Openshift Container Platform For Ibm Z=4.18
redhat Openshift Container Platform For Linuxone=4.13
redhat Openshift Container Platform For Linuxone=4.14
redhat Openshift Container Platform For Linuxone=4.15
redhat Openshift Container Platform For Linuxone=4.16
redhat Openshift Container Platform For Linuxone=4.17
redhat Openshift Container Platform For Linuxone=4.18
redhat Openshift Container Platform For Power=4.13
redhat Openshift Container Platform For Power=4.14
redhat Openshift Container Platform For Power=4.15
redhat Openshift Container Platform For Power=4.16
redhat Openshift Container Platform For Power=4.17
redhat Openshift Container Platform For Power=4.18
redhat Enterprise Linux=8.0
redhat Enterprise Linux=9.0
redhat Enterprise Linux=10.0
redhat Enterprise Linux Eus=8.4
redhat Enterprise Linux Eus=8.6
redhat Enterprise Linux Eus=8.8
redhat Enterprise Linux Eus=9.4
redhat Enterprise Linux Eus=9.6
redhat Enterprise Linux Eus=10.0
redhat Enterprise Linux For Arm 64=8.0_aarch64
redhat Enterprise Linux For Arm 64=9.0_aarch64
redhat Enterprise Linux For Arm 64=9.4_aarch64
redhat Enterprise Linux For Arm 64=10.0_aarch64
redhat Enterprise Linux For Arm 64 Eus=9.4_aarch64
redhat Enterprise Linux For Arm 64 Eus=9.6_aarch64
redhat Enterprise Linux For Arm 64 Eus=10.0_aarch64
redhat Enterprise Linux For Ibm Z Systems=8.0_s390x
redhat Enterprise Linux For Ibm Z Systems=9.4_s390x
redhat Enterprise Linux For Ibm Z Systems=10.0_s390x
redhat Enterprise Linux For Ibm Z Systems Eus=9.0_s390x
redhat Enterprise Linux For Ibm Z Systems Eus=9.4_s390x
redhat Enterprise Linux For Ibm Z Systems Eus=9.6_s390x
redhat Enterprise Linux For Ibm Z Systems Eus=10.0_s390x
redhat Enterprise Linux For Power Little Endian=8.0_ppc64le
redhat Enterprise Linux For Power Little Endian=9.0_ppc64le
redhat Enterprise Linux For Power Little Endian=10.0_ppc64le
redhat Enterprise Linux For Power Little Endian Eus=9.4_ppc64le
redhat Enterprise Linux For Power Little Endian Eus=9.6_ppc64le
redhat Enterprise Linux For Power Little Endian Eus=10.0_ppc64le
redhat Enterprise Linux Server=7.0
redhat Enterprise Linux Server Aus=8.2
redhat Enterprise Linux Server Aus=8.4
redhat Enterprise Linux Server Aus=8.6
redhat Enterprise Linux Server Aus=9.2
redhat Enterprise Linux Server Aus=9.4
redhat Enterprise Linux Server Aus=9.6
redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions=9.4_ppc64le
redhat Enterprise Linux Server Tus=8.8
redhat In-vehicle Operating System=1.0
IBM DS8A00( R10.0 - R10.1 )<=10.1.3.0 - 10.10.106.0
IBM DS8900F ( R9.4)<=89.40.83.0-89.44.5.0
Event History
Feb 19, 2024
News Published
via The Register·01:29 AM
Mar 11, 2024
News Published
via The Register·04:28 AM
Jun 17, 2024
News Published
via The Register·01:59 AM
Nov 25, 2024
News Published
via The Register·01:30 AM
Feb 17, 2025
News Published
via The Register·02:25 AM
Mar 16, 2025
News Published
via The Register·10:58 PM
Mar 30, 2025
News Published
via The Register·10:45 PM
Jun 12, 2025
Data Sourced
via Red Hat·07:58 AM
DescriptionSeverityAffected Software
CVE Published
via MITRE·12:49 PM
Data Sourced
via MITRE·12:49 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·01:15 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·01:15 PM
Affected Software
Jun 23, 2025
News Published
via The Register·12:33 AM
Jan 30, 2026
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Feb 8, 2026
News Published
via The Register·10:25 PM
News Published
via The Register·10:28 PM
Frequently Asked Questions
1
What is the severity of CVE-2025-6021?
CVE-2025-6021 is classified as a high-severity vulnerability due to its potential to cause memory corruption and denial of service.
2
How do I fix CVE-2025-6021?
To fix CVE-2025-6021, it is recommended to update libxml2 to the latest version that addresses this vulnerability.
3
What software is affected by CVE-2025-6021?
CVE-2025-6021 affects applications that utilize the libxml2 library for XML processing.
4
What are the potential impacts of CVE-2025-6021?
The impacts of CVE-2025-6021 include memory corruption and potential denial of service when handling maliciously crafted input.
5
How can I mitigate the risks of CVE-2025-6021?
To mitigate the risks of CVE-2025-6021, ensure that all instances of libxml2 are upgraded and implement input validation to sanitize data.