Summary The libxml2 library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-32414 DESCRIPTION: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. CWE:CWE-393: Return of Wrong Status Code CVSS Source: NVD CVSS Base score: 7.5 CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions Affected Product(s)| Version(s) —|— HMC V10.3.1050.0| V10.3.1050.0 HMC V11.1.1110.0| V11.1.1110.0 Remediation/Fixes The following fixes are available on IBM Fix Central at: http://www-933.ibm.com/support/fixcentral/ Product | VRMF | APAR | Remediation/Fix —|—|—|— Power HMC | V10.3.1060.0 SP2 x86 | MB04499 | MF71734 Power HMC | V10.3.1060.0 SP2 ppc | MB04500 | MF71735 Power HMC | V11.1.1110.0 x86 | MB04497 | MF71732 Power HMC | V11.1.1110.0 ppc | MB04498 | MF71733 Workarounds and Mitigations…Read More
Security Bulletin: Vulnerability in libxml2 library (CVE-2025-32414) affects Power HMC.
