IronMonkey Threat Research

CVE-2025-6170 LOW

Published: 2025-06-16 | Last Modified: 2026-06-02 | Status: Modified

Description

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

Additional Descriptions (1)

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user enters an overly long command, the program does not check the input size correctly, which can cause a crash. This issue could allow attackers to execute harmful code in uncommon configurations without modern protections.

CVSS Metrics

Base Score: 2.5 (LOW)

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

Source: [email protected]

Type: Primary

Exploitability Score: 1.0

Impact Score: 1.4

Weaknesses

Source | Type | Description
[email protected] | Secondary | CWE-121 (en)

Affected Products

Vendor | Product | Version | Type
redhat | jboss_core_services | - | Application
redhat | openshift_container_platform | 4.0 | Application
redhat | enterprise_linux | 6.0 | Operating System
redhat | enterprise_linux | 7.0 | Operating System
redhat | enterprise_linux | 8.0 | Operating System
redhat | enterprise_linux | 9.0 | Operating System
redhat | enterprise_linux | 10.0 | Operating System
xmlsoft | libxml2 | - | Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:xmlsoft:libxml2:-:*:*:*:*:*:*:*