
Security Advisory Description

CVE-2025-24855
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

CVE-2024-55549
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

Impact

An attacker can exploit this vulnerability to execute arbitrary code, potentially causing significant disruptions or unauthorized actions within the affected…
K000152944: libxslt vulnerability CVE-2025-24855, CVE-2024-55549
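
A simplified model of the CVE-2025-24855 pattern described above, where a nested evaluation changes the context node and does not put it back, shown beside the save/restore form. This is an added illustration, not libxslt code: `node_t`, `xpath_ctx_t`, the `nested_eval_*` functions and the `alive` flag that stands in for freed memory are all assumptions.

```c
#include <stdio.h>

/* Toy stand-ins, NOT libxslt types. "alive" models whether the node's
 * memory is still valid, so the demo never touches freed memory. */
typedef struct { int id; int alive; } node_t;
typedef struct { node_t *node; } xpath_ctx_t;

static node_t temp_node;      /* constructed: a short-lived node */

static void temp_create(void)  { temp_node.id = 99; temp_node.alive = 1; }
static void temp_release(void) { temp_node.alive = 0; }  /* stands in for free() */

/* Nested evaluation that repoints the context and never restores it. */
static void nested_eval_unrestored(xpath_ctx_t *ctx) {
    temp_create();
    ctx->node = &temp_node;   /* context node modified */
    /* ... nested XPath work would run here ... */
    temp_release();           /* temporary is gone, ctx->node still points at it */
}

/* Same work with the save/restore discipline. */
static void nested_eval_restored(xpath_ctx_t *ctx) {
    node_t *saved = ctx->node;
    temp_create();
    ctx->node = &temp_node;
    temp_release();
    ctx->node = saved;        /* restored before the outer evaluation resumes */
}

/* Returns 1 if the outer evaluation would resume on a live node. */
static int resumes_on_live_node(void (*eval)(xpath_ctx_t *)) {
    node_t doc_node = { 1, 1 };
    xpath_ctx_t ctx = { &doc_node };
    eval(&ctx);
    return ctx.node->alive;
}

int unrestored_is_safe(void) { return resumes_on_live_node(nested_eval_unrestored); }
int restored_is_safe(void)   { return resumes_on_live_node(nested_eval_restored); }

int main(void) {
    printf("unrestored: live context node = %d\n", unrestored_is_safe());
    printf("restored:   live context node = %d\n", restored_is_safe());
    return 0;
}
```

In real code the released node would be freed heap memory, so the outer evaluation's next read through the context is the use-after-free.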

