Home

Description

A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory region when the original document is destroyed. As a result, subsequent operations that access the namespace can lead to a use-after-free condition, causing an application crash.

PUBLISHED Reserved 2025-11-07 | Published 2025-11-07 | Updated 2025-11-07 | Assigner redhat




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Use After Free

Product status

Default status
affected

Default status
unknown

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Timeline

2025-11-07:Reported to Red Hat.
2025-11-07:Made public.

Credits

Red Hat would like to thank Ahmed Lekssays for reporting this issue.

References

access.redhat.com/security/cve/CVE-2025-12863 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2413323 (RHBZ#2413323) issue-tracking

cve.org (CVE-2025-12863)

nvd.nist.gov (CVE-2025-12863)

Download JSON