CVE-2025-27113
CVE Details
Visit the official vulnerability details page for CVE-2025-27113 to learn more.
Initial Publication
02/21/2025
Last Update
03/28/2025
Third Party Dependency
libxml2
NIST CVE Summary
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
CVE Severity
Our Official Summary
A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern. At the moment, no upstream fix is available for the third-party images where this is reported.
This issue is low risk because the containers where it is reported are not accessible without privileged access. The impact of exploitation is also low, since the attack surface is restricted to containers and they do not allow execution of arbitrary code.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.6.13 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.6.12 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.6.8 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.6.7 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
03/24/2025 | Impacted versions changed from 4.6.7, 4.6.8, 4.6.12 to 4.6.7, 4.6.8, 4.6.12, 4.6.13 |
03/18/2025 | Impacted versions changed from 4.6.7, 4.6.8 to 4.6.7, 4.6.8, 4.6.12 |
03/13/2025 | Status changed from Open to Ongoing |
03/13/2025 | Official summary added |
03/01/2025 | Impacted versions changed from 4.6.7 to 4.6.7, 4.6.8 |
02/28/2025 | Advisory assigned with HIGH severity |