CVE-2025-9714

ADVISORY - nist

Summary

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.

EPSS Score⁠: 0.00024 (0.057)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-674⁠

Uncontrolled Recursion

Impacted images

Advisories

NIST

CREATED

4 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-9714⁠

EXPLOITABILITY SCORE

2.5

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-674⁠

CVSS SCORE

6.2medium

Alpine

CREATED

4 months ago

UPDATED

27 days ago

ADVISORY IDCVE-2025-9714⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

4 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2025-9714⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

4 months ago

UPDATED

3 months ago

ADVISORY IDCVE-2025-9714⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

Alma

CREATED

24 days ago

UPDATED

22 days ago

ADVISORY IDALSA-2025:22376⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Rocky

CREATED

23 days ago

UPDATED

23 days ago

ADVISORY IDRLSA-2025:22376⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Oracle

CREATED

24 days ago

UPDATED

24 days ago

ADVISORY IDELSA-2025-22376⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium