vulnerability
FreeBSD: VID-a96cd659-303e-11f0-94b5-54ee755069b5 (CVE-2025-24855): libxslt -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:N/C:N/I:C/A:C) | May 13, 2025 | May 15, 2025 | Mar 25, 2026 |
Severity
6
CVSS
(AV:L/AC:M/Au:N/C:N/I:C/A:C)
Published
May 13, 2025
Added
May 15, 2025
Modified
Mar 25, 2026
Description
[CVE-2024-55549] Fix UAF related to excluded namespaces xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. [CVE-2025-24855] Fix use-after-free of XPath context node numbers.c in libxslt before 1.1.43 has a use-after-free because , in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
Solution
freebsd-upgrade-package-libxslt
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.