CVE-2025-32414
CVE Details
Visit the official vulnerability details page for CVE-2025-32414 to learn more.
Initial Publication
05/15/2025
Last Update
09/18/2025
Third Party Dependency
libxml2
NIST CVE Summary
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
CVE Severity
Our Official Summary
The issue arises from incorrect handling of return values in the xmlPythonFileRead and xmlPythonFileReadRaw functions. Specifically, a mismatch between bytes and characters in Python 3 can lead to out-of-bounds memory access.
This issue is of low risk as containers where this is reported are not accessible without privileged access. Impact of exploitation is also low since the attack surface is restricted to containers and they do not allow execution of arbitraty code.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.7.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
| 4.6.41 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
| Date | Revision |
|---|---|
| 06/27/2025 | Status changed from Open to Ongoing |
| 06/27/2025 | Official summary added |