Skip to main content
Version: latest

CVE-2025-32414

CVE Details

Visit the official vulnerability details page for CVE-2025-32414 to learn more.

Initial Publication

05/15/2025

Last Update

08/22/2025

Third Party Dependency

libxml2

NIST CVE Summary

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

CVE Severity

7.5

Our Official Summary

The issue arises from incorrect handling of return values in the xmlPythonFileRead and xmlPythonFileReadRaw functions. Specifically, a mismatch between bytes and characters in Python 3 can lead to out-of-bounds memory access.

This issue is of low risk as containers where this is reported are not accessible without privileged access. Impact of exploitation is also low since the attack surface is restricted to containers and they do not allow execution of arbitraty code.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.7.16⚠️ Impacted✅ No Impact⚠️ Impacted⚠️ Impacted
4.6.41⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted

Revision History

DateRevision
06/27/2025Status changed from Open to Ongoing
06/27/2025Official summary added