CVE-2025-11731

Low CVSS: 3.1

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

Vendor

Product

CWE

CWE-843

Yayın Tarihi

2025-10-14 06:15:34

Güncelleme

2025-10-15 18:15:35

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-843 LOW 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2025-11731 https://bugzilla.redhat.com/show_bug.cgi?id=2403688 https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78