CVE-2025-12863
DOCUMENTATION: A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory region when the original document is destroyed. As a result, subsequent operations that access the namespace can lead to a use-after-free condition, causing an application crash.
STATEMENT: The Red Hat Product Security team has assessed the severity of this vulnerability as High, given that it can be remotely triggered through crafted XML content without authentication or user interaction. Successful exploitation allows attackers to crash services or applications that rely on libxml2 for XML document manipulation or serialization.
MITIGATION: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
https://access.redhat.com/security/cve/CVE-2025-12863
