Home

Description

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

PUBLISHED Reserved 2025-10-14 | Published 2025-10-14 | Updated 2025-11-21 | Assigner redhat




LOW: 3.1CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Problem types

Access of Resource Using Incompatible Type ('Type Confusion')

Product status

Default status
unaffected

Any version before 1.1.44
affected

Default status
affected

Default status
unknown

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Timeline

2025-10-14:Reported to Red Hat.
2025-10-14:Made public.

Credits

Red Hat would like to thank Google Big Sleep for reporting this issue.

References

access.redhat.com/security/cve/CVE-2025-11731 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2403688 (RHBZ#2403688) issue-tracking

gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78

cve.org (CVE-2025-11731)

nvd.nist.gov (CVE-2025-11731)

Download JSON