CVE-2025-49795

CVE Details

Visit the official vulnerability details page for CVE-2025-49795 to learn more.

Initial Publication

06/13/2025

Last Update

09/02/2025

Third Party Dependency

libxml2

NIST CVE Summary

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

CVE Severity

7.5

Our Official Summary

This is a high-severity null pointer dereference in libxml2—specifically within the xmlSchematronFormatReport function—triggered by malformed XPath expressions, allowing for a denial-of-service (DoS) attack.

This vulnerability impacts libxml2 processing of XPath in XML schemas, enabling remote DoS via null pointer dereference. In SpectroCloud environments, the container image is isolated from external exposure, containers do not consume malicious XML inputs by design, and hardened execution policies confine any impact to single containers—making overall risk minimal.

Status

Ongoing

Affected Products & Versions

| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
| --- | --- | --- | --- | --- |
| 4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |

Revision History

| Date | Revision |
| --- | --- |
| 08/12/2025 | Status changed from Open to Ongoing |
| 08/12/2025 | Official summary added |
| 06/17/2025 | Advisory assigned with HIGH severity |