Not qualyfied - CVE-2025-49795
Published: June 17, 2025 / Updated: July 11, 2025
Vulnerability identifier: #VU111222
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-49795
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
This issue does not qualify for vulnerability definition as it is present in the dev code that was never released outside of the dev tree.
The original description:
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the xmlSchematronFormatReport() function when processing incorrect XPath expressions in Schematron schema reports. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
How to mitigate CVE-2025-49795
Install update from vendor's website.