CVE-2025-24855

HIGH | Platform: visionOS | Changelog

CVE Details

Description

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

CVSS 3.1 Score

Metric	Value
Base Score	7.8 (HIGH)
Vector	`CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H`

Weakness

CWE-416

References

Apple Security Advisory
NVD Entry
https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 (Exploit, Issue Tracking, Vendor Advisory)
https://lists.debian.org/debian-lts-announce/2025/03/msg00015.html