CVE-2025-9714
📋 TL;DR
This vulnerability allows a local attacker to cause a stack overflow via crafted XPath expressions in libxml2. It affects applications using libxml2 for XML/XPath processing, potentially leading to denial of service. The issue is in libxml2 versions up to and including 2.9.14.
💻 Affected Systems
- libxml2
- Any software using libxml2 library
📦 What is this software?
Libxml2 by Xmlsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete application crash leading to denial of service, potentially affecting system stability if libxml2 is used in critical system components.
Likely Case
Application instability or crash when processing malicious XPath expressions, resulting in denial of service for affected applications.
If Mitigated
Controlled recursion prevents stack overflow; applications continue normal operation with proper recursion depth limits.
🎯 Exploit Status
Exploitation requires ability to submit crafted XPath expressions to vulnerable applications. No public exploit code is currently known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: libxml2 version 2.9.15 or later
Vendor Advisory: https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21
Restart Required: No
Instructions:
1. Update libxml2 to version 2.9.15 or later using your system package manager.
2. For Debian/Ubuntu: 'sudo apt update && sudo apt upgrade libxml2'.
3. For RHEL/CentOS: 'sudo yum update libxml2'.
4. Recompile any statically linked applications against the updated library.
🔧 Temporary Workarounds
Limit XPath expression complexity
Implement input validation to restrict XPath expression complexity and recursion depth at the application level (platform: all).
Disable XPath evaluation
If XPath functionality is not required, disable XPath evaluation in the application configuration (platform: all).
🧯 If You Can't Patch
- Implement strict input validation for XPath expressions to prevent deep recursion patterns
- Monitor application logs for repeated crashes or abnormal termination related to XML processing
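The application-level pre-check that the "Limit XPath expression complexity" workaround and the input-validation bullet above call for, as an added example; this is not libxml2's code or part of the advisory. It rejects an expression whose bracket/parenthesis nesting or overall length exceeds a budget before the string is handed to libxml2, skipping brackets inside quoted string literals so that ordinary predicates are not miscounted. The function names, `MAX_XPATH_DEPTH` and `MAX_XPATH_LEN` are assumptions to be tuned to the deepest and longest expressions the application legitimately issues.

```c
#include <string.h>

/* Maximum nesting depth of "(" and "[" in expr, skipping characters inside
 * single- or double-quoted XPath string literals. Returns -1 if unbalanced
 * (closer with no opener, opener never closed, or unterminated literal). */
int xpath_nesting_depth(const char *expr)
{
    int depth = 0, max_depth = 0;
    char quote = 0;                      /* active literal delimiter, or 0 */
    for (const char *p = expr; *p; p++) {
        if (quote) { if (*p == quote) quote = 0; continue; }
        if (*p == '\'' || *p == '"') { quote = *p; continue; }
        if (*p == '(' || *p == '[') {
            if (++depth > max_depth) max_depth = depth;
        } else if (*p == ')' || *p == ']') {
            if (--depth < 0) return -1;
        }
    }
    return (depth != 0 || quote) ? -1 : max_depth;
}

/* Assumed budgets: set them to the deepest / longest expression the
 * application legitimately issues, far below what exhausts the stack.
 * Length is capped too, because long operator chains also nest in the
 * evaluator without adding any brackets. */
#define MAX_XPATH_DEPTH 32
#define MAX_XPATH_LEN   2048

/* Gate to call before xmlXPathEvalExpression(): 1 = pass on, 0 = reject. */
int xpath_is_acceptable(const char *expr)
{
    int d = xpath_nesting_depth(expr);
    return strlen(expr) <= MAX_XPATH_LEN && d >= 0 && d <= MAX_XPATH_DEPTH;
}

/* Constructed probe input: an n-deep "(((1)))" expression in a static buffer
 * (n clamped to the buffer size), used only to exercise the check. */
const char *nested_probe_expr(int n)
{
    static char buf[4096];
    int pos = 0;
    if (n < 0) n = 0;
    if (n > 2000) n = 2000;
    for (int i = 0; i < n; i++) buf[pos++] = '(';
    buf[pos++] = '1';
    for (int i = 0; i < n; i++) buf[pos++] = ')';
    buf[pos] = '\0';
    return buf;
}
```

Calling `xpath_is_acceptable()` on every externally supplied expression, and logging rejections, gives both the workaround and a detection signal for the "deep recursion patterns" the advisory describes.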
🔍 How to Verify
Check if Vulnerable:
Check the libxml2 version: 'xml2-config --version' or 'dpkg -l libxml2' or 'rpm -q libxml2'. If the version is ≤ 2.9.14, the system is vulnerable.
Check Version:
xml2-config --version || dpkg -l libxml2 || rpm -q libxml2
Verify Fix Applied:
Verify that the libxml2 version is ≥ 2.9.15 using the same commands. Test XPath processing with complex recursive expressions to ensure no crashes.
📡 Detection & Monitoring
Log Indicators:
- Application crashes or segmentation faults during XML/XPath processing
- Stack overflow errors in application logs
- Abnormal termination of processes using libxml2
Network Indicators:
- No network indicators - this is a local vulnerability
SIEM Query:
Search for: 'segmentation fault' OR 'stack overflow' OR 'SIGSEGV' in application logs with process names containing xml or xpath