CVE-2025-49795: 
Linux Debian vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2025-49795) was discovered in libxml2 and disclosed on June 11, 2025. The vulnerability is a NULL pointer dereference that occurs when processing XPath XML expressions in the libxml2 library. This security issue affects multiple versions of the software across various distributions including Debian (bullseye, bookworm, sid, trixie) and Red Hat Enterprise Linux systems (Wiz Report, NVD).

The vulnerability is classified as an Expired Pointer Dereference (CWE-825) with a CVSS v3.1 base score of 7.5 (High). The attack vector is characterized by CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it is remotely exploitable, requires low attack complexity, and needs no privileges or user interaction to exploit. The issue specifically manifests in the xmlSchematronFormatReport function when processing incorrect XPath expressions in Schematron schema reports (Snyk Report, Red Hat Bugzilla).

The primary impact of this vulnerability is on system availability. When successfully exploited, it can result in a total loss of availability, causing a complete denial of service (DoS) condition. The impact is either sustained during the attack or persistent even after the attack has completed. There is no reported impact on the confidentiality or integrity of the system (Wiz Report).

Currently, there is no fixed version available for affected systems. The vulnerability affects multiple versions of libxml2, including versions in Debian bullseye (2.9.10+dfsg-6.7+deb11u4, 2.9.10+dfsg-6.7+deb11u7), bookworm (2.9.14+dfsg-1.3~deb12u1), and sid/trixie (2.12.7+dfsg+really2.9.14-1) (Wiz Report).