#VU111222 Not qualyfied - CVE-2025-49795
Published: June 17, 2025 / Updated: July 11, 2025
Vulnerability identifier: #VU111222
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-49795
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Software vendor:
Description
This issue does not qualify for vulnerability definition as it is present in the dev code that was never released outside of the dev tree.
The original description:
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the xmlSchematronFormatReport() function when processing incorrect XPath expressions in Schematron schema reports. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.