CVE-2025-6170
Last modified
CVE-2025-6170 is a low-severity vulnerability rated 2.5/10 on the CVSS scale. A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
Metrics
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Core Services | All versions |
| Red Hat | OpenShift Container Platform | 4.0 |
| Red Hat | Enterprise Linux | 6.0 |
| Red Hat | Enterprise Linux | 7.0 |
| Red Hat | Enterprise Linux | 8.0 |
| Red Hat | Enterprise Linux | 9.0 |
| Red Hat | Enterprise Linux | 10.0 |
| Xmlsoft | libxml2 | All versions |
References
- https://access.redhat.com/security/cve/CVE-2025-6170 (Mitigation, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2372952 (Issue Tracking, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
