CVE-2025-9714

CVE-2025-9714

Name

CVE-2025-9714

Description

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
patch	https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html

Type

URI

patch

https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html

Match rules

CPE URI	Source package	Min version	Max version
	libxml2	>= 0	< 2.10.0
	libxml2	>= 0	< 2.12.7+dfsg+really2.9.14-0.4ubuntu0.3
	libxml2	>= 0	< 2.9.14+dfsg-1.3ubuntu3.5
	libxml2	>= 0	< 2.9.13+dfsg-1ubuntu0.9
	libxml2	>= 0	< 2.9.10+dfsg-5ubuntu0.20.04.10+esm2
	libxml2	>= 0	< 2.9.4+dfsg1-6.1ubuntu1.9+esm5
	libxml2	>= 0	< 2.9.3+dfsg1-1ubuntu0.7+esm10
	libxml2	>= 0	< 2.9.1+dfsg1-3ubuntu4.13+esm9
`cpe:2.3:a:xmlsoft:libxml2::::::::`	libxml2	>= None	< 2.10.0

CPE URI

Source package

Min version

Max version

libxml2

>= 0

< 2.10.0

libxml2

>= 0

< 2.12.7+dfsg+really2.9.14-0.4ubuntu0.3

libxml2

>= 0

< 2.9.14+dfsg-1.3ubuntu3.5

libxml2

>= 0

< 2.9.13+dfsg-1ubuntu0.9

libxml2

>= 0

< 2.9.10+dfsg-5ubuntu0.20.04.10+esm2

libxml2

>= 0

< 2.9.4+dfsg1-6.1ubuntu1.9+esm5

libxml2

>= 0

< 2.9.3+dfsg1-1ubuntu0.7+esm10

libxml2

>= 0

< 2.9.1+dfsg1-3ubuntu4.13+esm9

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

libxml2

>= None

< 2.10.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libxml2	edge-main	2.12.7-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.12.6-r2	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.12.6-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.12.5-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.12.4-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.12.3-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.11.6-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.11.5-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.11.4-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.11.3-r1	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.11.3-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.11.2-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.11.1-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.11.0-r3	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.11.0-r2	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.11.0-r1	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.11.0-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.10.4-r2	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.10.4-r1	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.10.4-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.10.3-r2	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.10.3-r1	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.10.3-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.10.2-r1	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.10.2-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.10.1-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.10.0-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.9.14-r1	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.9.14-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.9.13-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.9.11-r0	None	possibly vulnerable
libxml2	edge-main	2.9.10-r7	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	edge-main	2.9.10-r5	None	possibly vulnerable
libxml2	edge-main	2.9.10-r4	None	possibly vulnerable
libxml2	edge-main	2.9.8-r3	None	possibly vulnerable
libxml2	edge-main	2.9.8-r1	None	possibly vulnerable
libxml2	edge-main	2.9.4-r4	None	possibly vulnerable
libxml2	edge-main	2.9.4-r2	None	possibly vulnerable
libxml2	edge-main	2.9.4-r1	None	possibly vulnerable
libxml2	3.22-main	2.12.7-r0	None	possibly vulnerable
libxml2	3.22-main	2.12.5-r0	None	possibly vulnerable
libxml2	3.22-main	2.10.4-r0	None	possibly vulnerable
libxml2	3.22-main	2.10.3-r0	None	possibly vulnerable
libxml2	3.22-main	2.10.0-r0	None	possibly vulnerable
libxml2	3.22-main	2.9.14-r0	None	possibly vulnerable
libxml2	3.22-main	2.9.13-r0	None	possibly vulnerable
libxml2	3.22-main	2.9.11-r0	None	possibly vulnerable
libxml2	3.22-main	2.9.10-r5	None	possibly vulnerable
libxml2	3.22-main	2.9.10-r4	None	possibly vulnerable
libxml2	3.22-main	2.9.8-r3	None	possibly vulnerable
libxml2	3.22-main	2.9.8-r1	None	possibly vulnerable
libxml2	3.22-main	2.9.4-r4	None	possibly vulnerable
libxml2	3.22-main	2.9.4-r2	None	possibly vulnerable
libxml2	3.22-main	2.9.4-r1	None	possibly vulnerable
libxml2	3.21-main	2.12.7-r0	None	possibly vulnerable
libxml2	3.21-main	2.12.5-r0	None	possibly vulnerable
libxml2	3.21-main	2.10.4-r0	None	possibly vulnerable
libxml2	3.21-main	2.10.3-r0	None	possibly vulnerable
libxml2	3.21-main	2.10.0-r0	None	possibly vulnerable
libxml2	3.21-main	2.9.14-r0	None	possibly vulnerable
libxml2	3.21-main	2.9.13-r0	None	possibly vulnerable
libxml2	3.21-main	2.9.11-r0	None	possibly vulnerable
libxml2	3.21-main	2.9.10-r5	None	possibly vulnerable
libxml2	3.21-main	2.9.10-r4	None	possibly vulnerable
libxml2	3.21-main	2.9.8-r3	None	possibly vulnerable
libxml2	3.21-main	2.9.8-r1	None	possibly vulnerable
libxml2	3.21-main	2.9.4-r4	None	possibly vulnerable
libxml2	3.21-main	2.9.4-r2	None	possibly vulnerable
libxml2	3.21-main	2.9.4-r1	None	possibly vulnerable
libxml2	3.20-main	2.12.7-r3	None	possibly vulnerable
libxml2	3.20-main	2.12.7-r2	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	3.20-main	2.12.7-r1	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	3.20-main	2.12.7-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	3.20-main	2.12.5-r0	None	possibly vulnerable
libxml2	3.20-main	2.10.4-r0	None	possibly vulnerable
libxml2	3.20-main	2.10.3-r0	None	possibly vulnerable
libxml2	3.20-main	2.10.0-r0	None	possibly vulnerable
libxml2	3.20-main	2.9.14-r0	None	possibly vulnerable
libxml2	3.20-main	2.9.13-r0	None	possibly vulnerable
libxml2	3.20-main	2.9.11-r0	None	possibly vulnerable
libxml2	3.20-main	2.9.10-r5	None	possibly vulnerable
libxml2	3.20-main	2.9.10-r4	None	possibly vulnerable
libxml2	3.20-main	2.9.8-r3	None	possibly vulnerable
libxml2	3.20-main	2.9.8-r1	None	possibly vulnerable
libxml2	3.20-main	2.9.4-r4	None	possibly vulnerable
libxml2	3.20-main	2.9.4-r2	None	possibly vulnerable
libxml2	3.20-main	2.9.4-r1	None	possibly vulnerable
libxml2	3.19-main	2.11.8-r3	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	3.19-main	2.11.8-r2	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	3.19-main	2.11.8-r1	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	3.19-main	2.11.8-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	3.19-main	2.11.7-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	3.19-main	2.11.6-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	3.19-main	2.10.4-r0	None	possibly vulnerable
libxml2	3.19-main	2.10.3-r0	None	possibly vulnerable
libxml2	3.19-main	2.10.0-r0	None	possibly vulnerable
libxml2	3.19-main	2.9.14-r0	None	possibly vulnerable
libxml2	3.19-main	2.9.13-r0	None	possibly vulnerable
libxml2	3.19-main	2.9.11-r0	None	possibly vulnerable
libxml2	3.19-main	2.9.10-r5	None	possibly vulnerable
libxml2	3.19-main	2.9.10-r4	None	possibly vulnerable
libxml2	3.19-main	2.9.8-r3	None	possibly vulnerable
libxml2	3.19-main	2.9.8-r1	None	possibly vulnerable
libxml2	3.19-main	2.9.4-r4	None	possibly vulnerable
libxml2	3.19-main	2.9.4-r2	None	possibly vulnerable
libxml2	3.19-main	2.9.4-r1	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages