CVE-2025-6021

ADVISORY - nist

Summary

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

EPSS Score⁠: 0.00638 (0.700)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-190⁠

Integer Overflow or Wraparound

CWE-787⁠

Out-of-bounds Write

ADVISORY - redhat

(CWE-190|CWE-121)⁠

Impacted images

Advisories

Alpine

CREATED

5 months ago

UPDATED

8 days ago

ADVISORY IDCVE-2025-6021⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
alpine/libxml2	apk	alpine	3.21	<2.13.9-r0	2.13.9-r0
alpine/libxml2	apk	alpine	3.23	<2.13.9-r0	2.13.9-r0
alpine/libxml2	apk	alpine	3.20	<=2.10.0-r0	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.10.3-r0	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.10.4-r0	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.12.10-r0	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.12.5-r0	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.12.7-r0	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.12.7-r1	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.12.7-r2	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.12.7-r3	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.9.10-r4	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.9.10-r5	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.9.11-r0	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.9.13-r0	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.9.14-r0	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.9.4-r1	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.9.4-r2	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.9.4-r4	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.9.8-r1	Not yet available
alpine/libxml2	apk	alpine	3.20	<=2.9.8-r3	Not yet available
alpine/libxml2	apk	alpine	3.24	<2.13.9-r0	2.13.9-r0
alpine/libxml2	apk	alpine	edge	<2.13.9-r0	2.13.9-r0
alpine/libxml2	apk	alpine	3.22	<2.13.9-r0	2.13.9-r0
alpine/qt6-qtwebengine	apk	alpine	edge	<0	0
alpine/qt6-qtwebengine	apk	alpine	3.23	<0	0
alpine/qt6-qtwebengine	apk	alpine	3.24	<0	0
alpine/qt6-qtwebengine	apk	alpine	3.22	<6.8.3-r5	6.8.3-r5

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

8 months ago

UPDATED

2 days ago

ADVISORY IDCVE-2025-6021⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-190⁠CWE-787⁠

CVSS SCORE

7.5high

Debian

CREATED

8 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2025-6021⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

8 months ago

UPDATED

6 months ago

ADVISORY IDCVE-2025-6021⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDALSA-2025:10698⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDALSA-2025:10699⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY IDALAS2-2025-2893⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY IDALAS2023-2025-1019⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

8 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2025-6021⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

(CWE-190|CWE-121)⁠

CVSS SCORE

7.5medium

Rocky

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY IDRLSA-2025:10630⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY IDRLSA-2025:10698⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY IDRLSA-2025:10699⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDELSA-2025-10630⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDELSA-2025-10698⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY IDELSA-2025-10699⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY IDELSA-2025-12240⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Photon

CREATED

7 months ago

UPDATED

5 months ago

ADVISORY ID

CVE-2025-6021

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high