Home > Vulnerability Database > CVE-2025-12863

Mend.io Vulnerability Database

CVE-2025-12863

Good to know:

Date: November 7, 2025

A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory region when the original document is destroyed. As a result, subsequent operations that access the namespace can lead to a use-after-free condition, causing an application crash.

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-12863

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2413323

Url: https://access.redhat.com/security/cve/CVE-2025-12863

Url: https://www.mend.io/vulnerability-database/CVE-2025-12863

Severity Score

7.5

Weakness Type (CWE)

Use After Free

CWE-416

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-12863

Good to know:

Date: November 7, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?