All vulnerabilities
CVE-2025-24855
Description
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Fix without upgrading
Score
7.8
Severity
High
Ecosystem
RPM
Publish Date
May 8, 2026
Modified Date
May 8, 2026
Score Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Versions
