CVE-2025-8732
LOWCVSS v3.1: 3.3 · EPSS: 0.0003 (7.4 percentile)
Source data as of:
At a glance
- Severity
- LOW
- CVSS
- 3.3 v3.1 · NVD
- EPSS
- 0.0003 (7.4 percentile) · FIRST.org
- CISA KEV
- No
- Type
- Uncontrolled Recursion · NVD CWE
- Attack conditions (CVSS vector)
- No user interaction · Source: NVD Vector
- Published
- 2025-08-08 · Modified: 2026-06-02
- References
- Jump to references (7)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.
- Reference https://drive.google.com/file/d/1woIeYVcSQB_NwfEhaVnX6MedpWJ_nqWl/view?usp=drive_link
- Reference https://gitlab.gnome.org/GNOME/libxml2/-/issues/958
- Reference https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853
- Reference https://vuldb.com/?ctiid.319228
- Reference https://vuldb.com/?id.319228
- Reference https://vuldb.com/?submit.622285
- Vendor advisory https://cert-portal.siemens.com/productcert/html/ssa-253495.html