CVE-2025-25341

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).

high 7.5 CVSS 3.1

Published: Dec 26, 2025

Modified: Dec 31, 2025

Product: Libxmljs

Versions: 1.0.11

Description

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).

References

https://github.com/libxmljs/libxmljs/issues/667

CVSS Breakdown

Version	3.1
Score	7.5 / 10
Severity	high

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness (CWE)

CWE-400

Affected Product

Vendor	Libxmljs Project
Product	Libxmljs
Versions	1.0.11