CVE-2025-24928: Buffer Overflow
First published: Tue Feb 18 2025(Updated: )
Last updated 25 February 2025
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libxml2 | <2.12.10>2.13.0<=2.13.6 | |
| debian/libxml2 | <=2.9.10+dfsg-6.7+deb11u4<=2.9.14+dfsg-1.3~deb12u1<=2.12.7+dfsg+really2.9.14-0.2<=2.12.7+dfsg+really2.9.14-0.3 | 2.9.10+dfsg-6.7+deb11u6 |
| IBM MQ | <=SC2: v3.2.0 - v3.2.10CD: v3.0.0, v3.0.1, v3.1.0 - 3.1.3, v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 LTS: v2.0.0 - 2.0.29 Other Release: v2.4.0 - v2.4.8, v2.3.0 - 2.3.3, v2.2.0 - v2.2.2 | |
| IBM MQ Advanced | <=CD: 9.3.4.0-r1, 9.3.4.1-r1, 9.3.5.0-r1, 9.3.5.0-r2, 9.3.5.1-r1, 9.3.5.1-r2, 9.4.1.0-r1, 9.4.1.0-r2, 9.4.1.1-r1, 9.4.2.0-r1, 9.4.2.0-r2LTS: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3, 9.3.0.20-r1, 9.3.0.20-r2, 9.3.0.21-r1, 9.3.0.21-r2, 9.3.0.21-r3, 9.3.0.25-r1, 9.4.0.0-r1, 9.4.0.0-r2, 9.4.0.0-r3, 9.4.0.5-r1, 9.4.0.5-r2, 9.4.0.6-r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1, 9.4.0.10-r2 Other Release: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.1.0-r1, 9.3.1.0-r2, 9.3.1.0-r3, 9.3.1.1-r1, 9.3.2.0-r1, 9.3.2.0-r2, 9.3.2.1-r1, 9.3.2.1-r2, 9.3.3.0-r1, 9.3.3.0-r2, 9.3.3.1-r1, 9.3.3.1-r2, 9.3.3.2-r1, 9.3.3.2-r2, 9.3.3.2-r3, ,9.3.3.3-r1, 9.3.3.3-r2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928
- https://nvd.nist.gov/vuln/detail/CVE-2025-24928
- https://launchpad.net/bugs/cve/CVE-2025-24928
- https://security-tracker.debian.org/tracker/CVE-2025-24928
- https://ubuntu.com/security/CVE-2025-24928
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
- https://www.openwall.com/lists/oss-security/2025/02/18/2
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/8c8753ad5280ee13aee5eec9b0f6eee2ed920f57
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/858ca26c0689161a6b903a6682cc8a1cc10a0ea8
- https://issues.oss-fuzz.com/issues/392687022
- https://security.netapp.com/advisory/ntap-20250321-0006/
- https://access.redhat.com/security/cve/CVE-2017-9047
- https://access.redhat.com/errata/RHSA-2025:2482
- https://access.redhat.com/errata/RHSA-2025:2483
- https://access.redhat.com/errata/RHSA-2025:2507
- https://access.redhat.com/errata/RHSA-2025:2513
- https://access.redhat.com/errata/RHSA-2025:2654
- https://access.redhat.com/errata/RHSA-2025:2660
- https://access.redhat.com/errata/RHSA-2025:2673
- https://access.redhat.com/errata/RHSA-2025:2678
- https://access.redhat.com/errata/RHSA-2025:2679
- https://access.redhat.com/errata/RHSA-2025:2686
- https://access.redhat.com/errata/RHSA-2025:3055
- https://access.redhat.com/errata/RHSA-2025:3297
- https://access.redhat.com/errata/RHSA-2025:3453
- https://access.redhat.com/errata/RHSA-2025:3301
- https://access.redhat.com/errata/RHSA-2025:3569
- https://access.redhat.com/errata/RHSA-2025:3573
- https://access.redhat.com/errata/RHSA-2025:3775
- https://access.redhat.com/errata/RHSA-2025:3780
- https://bugzilla.redhat.com/show_bug.cgi?id=2346421
- https://www.ibm.com/support/pages/node/7232272 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2025-24928?
CVE-2025-24928 is classified as a high severity vulnerability due to the potential for remote code execution from a stack-based buffer overflow.
How do I fix CVE-2025-24928?
To fix CVE-2025-24928, update libxml2 to version 2.12.10 or 2.13.6 or later.
What versions of libxml2 are affected by CVE-2025-24928?
Versions of libxml2 before 2.12.10 and from 2.13.0 to before 2.13.6 are affected by CVE-2025-24928.
What conditions are required to exploit CVE-2025-24928?
Exploitation of CVE-2025-24928 requires DTD validation to occur for an untrusted document or untrusted DTD.
Is CVE-2025-24928 similar to any other vulnerabilities?
Yes, CVE-2025-24928 is similar to CVE-2017-9047, which also involves a stack-based buffer overflow in libxml2.
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/severity
- agent/trending
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/launchpad-cve
- source/Launchpad
- agent/source
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/references
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2025-24928
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- vendor/gnome
- canonical/libxml2
- package-manager/debian
- vendor/ibm
- canonical/ibm mq
- version/ibm mq/sc2: v3.2.0 - v3.2.10cd: v3.0.0, v3.0.1, v3.1.0 - 3.1.3, v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 lts: v2.0.0 - 2.0.29 other release: v2.4.0 - v2.4.8, v2.3.0 - 2.3.3, v2.2.0 - v2.2.2
- canonical/ibm mq advanced
- version/ibm mq advanced/cd: 9.3.4.0-r1, 9.3.4.1-r1, 9.3.5.0-r1, 9.3.5.0-r2, 9.3.5.1-r1, 9.3.5.1-r2, 9.4.1.0-r1, 9.4.1.0-r2, 9.4.1.1-r1, 9.4.2.0-r1, 9.4.2.0-r2lts: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3, 9.3.0.20-r1, 9.3.0.20-r2, 9.3.0.21-r1, 9.3.0.21-r2, 9.3.0.21-r3, 9.3.0.25-r1, 9.4.0.0-r1, 9.4.0.0-r2, 9.4.0.0-r3, 9.4.0.5-r1, 9.4.0.5-r2, 9.4.0.6-r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1, 9.4.0.10-r2 other release: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.1.0-r1, 9.3.1.0-r2, 9.3.1.0-r3, 9.3.1.1-r1, 9.3.2.0-r1, 9.3.2.0-r2, 9.3.2.1-r1, 9.3.2.1-r2, 9.3.3.0-r1, 9.3.3.0-r2, 9.3.3.1-r1, 9.3.3.1-r2, 9.3.3.2-r1, 9.3.3.2-r2, 9.3.3.2-r3, ,9.3.3.3-r1, 9.3.3.3-r2