Bug 2397838 (CVE-2025-10911)

Summary: CVE-2025-10911 libxslt: use-after-free with key data stored cross-RVT
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: caswilli, gtanzill, jbuscemi, jmitchel, kaycoth, kshier, pbohmill, rhel-process-autobot, teagle, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2398122, 2398123, 2398124, 2398125, 2398126, 2398127, 2398128, 2398129, 2398130    
Bug Blocks:    

Description OSIDB Bzimport 2025-09-24 15:46:28 UTC
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

Comment 2 Isaiah Johnson 2026-04-28 19:17:36 UTC
Created trackers for RHEL 8.10.z, and 9.6.z due to compliance requirements.

Comment 3 errata-xmlrpc 2026-06-16 15:41:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:26355 https://access.redhat.com/errata/RHSA-2026:26355

Comment 4 errata-xmlrpc 2026-06-23 19:51:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:28243 https://access.redhat.com/errata/RHSA-2026:28243

Comment 5 errata-xmlrpc 2026-06-24 04:46:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:28584 https://access.redhat.com/errata/RHSA-2026:28584

Comment 6 errata-xmlrpc 2026-06-25 08:36:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:29809 https://access.redhat.com/errata/RHSA-2026:29809

Comment 7 errata-xmlrpc 2026-06-25 09:27:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions

Via RHSA-2026:29814 https://access.redhat.com/errata/RHSA-2026:29814

Comment 8 errata-xmlrpc 2026-06-25 09:28:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:29811 https://access.redhat.com/errata/RHSA-2026:29811

Comment 9 errata-xmlrpc 2026-06-25 15:10:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:29975 https://access.redhat.com/errata/RHSA-2026:29975

Comment 10 errata-xmlrpc 2026-06-25 15:21:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:29976 https://access.redhat.com/errata/RHSA-2026:29976

Comment 11 errata-xmlrpc 2026-06-25 18:06:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:29807 https://access.redhat.com/errata/RHSA-2026:29807

Comment 12 errata-xmlrpc 2026-06-29 02:16:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On

Via RHSA-2026:30847 https://access.redhat.com/errata/RHSA-2026:30847