cve 2025 7425

CVE-2025-7425 is a heap use-after-free vulnerability in libxslt, the widely used open-source XSLT processor. This bug allows specially crafted stylesheets to corrupt internal attribute metadata, potentially causing crashes or destabilizing applications that compile or process XSLT. The vulnerability can lead to sustained or persistent denial-of-service for services that accept untrusted XSLT input. libxslt is commonly used in server-side tools, application libraries, and bundled Windows/Linux applications for XML-to-HTML or text transformations. Users should apply patches or updates from their software vendors to mitigate this vulnerability.