Bug 2397838 (CVE-2025-10911) - CVE-2025-10911 libxslt: use-after-free with key data stored cross-RVT
Summary: CVE-2025-10911 libxslt: use-after-free with key data stored cross-RVT
Keywords:
Status: NEW
Alias: CVE-2025-10911
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2398122 2398123 2398124 2398125 2398126 2398127 2398128 2398129 2398130
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-24 15:46 UTC by OSIDB Bzimport
Modified: 2026-06-29 02:16 UTC (History)
10 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2026:29047 0 None None None 2026-06-24 13:59:59 UTC
Red Hat Product Errata RHSA-2026:26355 0 None None None 2026-06-16 15:41:42 UTC
Red Hat Product Errata RHSA-2026:28243 0 None None None 2026-06-23 19:51:32 UTC
Red Hat Product Errata RHSA-2026:28584 0 None None None 2026-06-24 04:46:09 UTC
Red Hat Product Errata RHSA-2026:29807 0 None None None 2026-06-25 18:06:18 UTC
Red Hat Product Errata RHSA-2026:29809 0 None None None 2026-06-25 08:36:43 UTC
Red Hat Product Errata RHSA-2026:29811 0 None None None 2026-06-25 09:28:41 UTC
Red Hat Product Errata RHSA-2026:29814 0 None None None 2026-06-25 09:27:45 UTC
Red Hat Product Errata RHSA-2026:29975 0 None None None 2026-06-25 15:10:53 UTC
Red Hat Product Errata RHSA-2026:29976 0 None None None 2026-06-25 15:21:14 UTC
Red Hat Product Errata RHSA-2026:30847 0 None None None 2026-06-29 02:16:10 UTC

Description OSIDB Bzimport 2025-09-24 15:46:28 UTC 
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
Comment 2 Isaiah Johnson 2026-04-28 19:17:36 UTC 
Created trackers for RHEL 8.10.z, and 9.6.z due to compliance requirements.
Comment 3 errata-xmlrpc 2026-06-16 15:41:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:26355 https://access.redhat.com/errata/RHSA-2026:26355
Comment 4 errata-xmlrpc 2026-06-23 19:51:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:28243 https://access.redhat.com/errata/RHSA-2026:28243
Comment 5 errata-xmlrpc 2026-06-24 04:46:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:28584 https://access.redhat.com/errata/RHSA-2026:28584
Comment 6 errata-xmlrpc 2026-06-25 08:36:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:29809 https://access.redhat.com/errata/RHSA-2026:29809
Comment 7 errata-xmlrpc 2026-06-25 09:27:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions

Via RHSA-2026:29814 https://access.redhat.com/errata/RHSA-2026:29814
Comment 8 errata-xmlrpc 2026-06-25 09:28:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:29811 https://access.redhat.com/errata/RHSA-2026:29811
Comment 9 errata-xmlrpc 2026-06-25 15:10:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:29975 https://access.redhat.com/errata/RHSA-2026:29975
Comment 10 errata-xmlrpc 2026-06-25 15:21:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:29976 https://access.redhat.com/errata/RHSA-2026:29976
Comment 11 errata-xmlrpc 2026-06-25 18:06:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:29807 https://access.redhat.com/errata/RHSA-2026:29807
Comment 12 errata-xmlrpc 2026-06-29 02:16:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On

Via RHSA-2026:30847 https://access.redhat.com/errata/RHSA-2026:30847
Note You need to log in before you can comment on or make changes to this bug.