CVE-2025-6170: 
CBL Mariner vulnerability analysis and mitigation

A flaw was discovered in the interactive shell of the xmllint command-line tool, used for parsing XML files. The vulnerability (CVE-2025-6170) was reported on June 16, 2025, and is characterized by improper input size checking when processing user commands. The issue affects the libxml2 library's xmllint tool, specifically its interactive shell mode (NVD, Wiz).

The vulnerability is classified as a Stack-based Buffer Overflow (CWE-121) caused by unsafe use of strcpy() when processing user-supplied command-line input. The CVSS v3.1 base score is 2.5 (Low) with the vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L, indicating local attack vector, high attack complexity, no privileges required, and user interaction required (NVD, Wiz).

The impact of this vulnerability is primarily limited to availability, as it can cause the program to crash. While there is potential for arbitrary code execution in rare configurations without modern protections, the real-world impact is considered low due to the specific conditions required for exploitation (Wiz).

Currently, no immediate mitigation is available that meets Red Hat Product Security criteria for ease of use, deployment, and stability. It is recommended to apply the upstream patch once it becomes available (Wiz).

The Red Hat Product Security team has rated the severity of this vulnerability as Low, since it affects only the interactive shell mode of xmllint (Red Hat).