CVE-2025-8732 (LOW): detected in Lambda Docker Images.


## CVE Details

| **CVE ID**      | **Severity** | **Affected Package** | **Installed Version** | **Fixed Version** | **Date Published** | **Date of Scan** |
|-----------------|--------------|----------------------|-----------------------|-------------------|--------------------|------------------|
| [CVE-2025-8732](https://avd.aquasec.com/nvd/cve-2025-8732) | `LOW` | `libxml2` | `2.10.4-1.amzn2023.0.13` | `2.10.4-1.amzn2023.0.15` | `2025-08-08T17:15:30.583Z` | `2026-01-23T10:18:54.853771383Z` |

---

## Affected Docker Images

| **Image Name**              | **SHA**                               |
|-----------------------------|---------------------------------------|
| `public.ecr.aws/lambda/provided:latest` | `public.ecr.aws/lambda/provided@sha256:7ad7e21e89618eeaa3842bc089ab924cefa9f8f7df13deae44055ec7f161c0b2` |
| `public.ecr.aws/lambda/provided:al2023` | `public.ecr.aws/lambda/provided@sha256:7ad7e21e89618eeaa3842bc089ab924cefa9f8f7df13deae44055ec7f161c0b2` |
| `public.ecr.aws/lambda/provided:al2` | `public.ecr.aws/lambda/provided@sha256:91999d3f57c058711ba8fd17b0eb25df4309d7df31856d2597e6c065e9d2e87a` |
| `public.ecr.aws/lambda/python:latest` | `public.ecr.aws/lambda/python@sha256:c6a7c7b1af774c2f7832c4d27c35acf554e46013d3dcf15e8c4e7a4b493afeee` |
| `public.ecr.aws/lambda/python:3.14` | `public.ecr.aws/lambda/python@sha256:5ec375e564d79e5d5d18cc8167d9ee9a7a67c931210ed95c508e3be4fcc847ca` |
| `public.ecr.aws/lambda/python:3.13` | `public.ecr.aws/lambda/python@sha256:c6a7c7b1af774c2f7832c4d27c35acf554e46013d3dcf15e8c4e7a4b493afeee` |
| `public.ecr.aws/lambda/python:3.12` | `public.ecr.aws/lambda/python@sha256:5b66b74863cebeabd8e77a56af4b471e3c55559fdcc4c00161040648df0a139d` |
| `public.ecr.aws/lambda/python:3.11` | `public.ecr.aws/lambda/python@sha256:e3ff92d11a35ba659794b89e612a73e17bb009b6075757314cf931b378b90a8a` |
| `public.ecr.aws/lambda/python:3.10` | `public.ecr.aws/lambda/python@sha256:f3ec524265e82a868ae32afd8c3edf2dd3f442ea5470640b0e68c5cb2aadaea4` |
| `public.ecr.aws/lambda/nodejs:latest` | `public.ecr.aws/lambda/nodejs@sha256:b830cbac734ba930710f1278c2e791123ff5ae6bc522fc87b0cc5c0bba87c750` |
| `public.ecr.aws/lambda/nodejs:24` | `public.ecr.aws/lambda/nodejs@sha256:be67ba081682260b6a2b7c96f1baf5e3b7d55670349f2cb918cff770cec2be47` |
| `public.ecr.aws/lambda/nodejs:22` | `public.ecr.aws/lambda/nodejs@sha256:b830cbac734ba930710f1278c2e791123ff5ae6bc522fc87b0cc5c0bba87c750` |
| `public.ecr.aws/lambda/nodejs:20` | `public.ecr.aws/lambda/nodejs@sha256:699d0906d882d77c7cfa17aa4aad9a0d50db85bdc8b8bb77cb8461bd553fc89d` |
| `public.ecr.aws/lambda/java:latest` | `public.ecr.aws/lambda/java@sha256:365ad1c50cbfd071e6cca94310446af32259f9c3b212fa304cec493dd2d88552` |
| `public.ecr.aws/lambda/java:25` | `public.ecr.aws/lambda/java@sha256:1246b477bf67ea4ca5631ea10b83baf3852231819ecce1345bb4dd3eca4f54cf` |
| `public.ecr.aws/lambda/java:21` | `public.ecr.aws/lambda/java@sha256:365ad1c50cbfd071e6cca94310446af32259f9c3b212fa304cec493dd2d88552` |
| `public.ecr.aws/lambda/java:17` | `public.ecr.aws/lambda/java@sha256:d15321d0393dd68c1849e935a72c9a0257c6e910bd4c17bf74e67cab16ab7904` |
| `public.ecr.aws/lambda/java:11` | `public.ecr.aws/lambda/java@sha256:07a9febee8af8bda06d4e7160ea922dfc04b712941643ccd460f5a4a31cf0573` |
| `public.ecr.aws/lambda/java:8.al2` | `public.ecr.aws/lambda/java@sha256:efae07fcc5e8d6256d84fba688337c5e8a8fc8cc746a362eb41d7d779b438b9d` |
| `public.ecr.aws/lambda/dotnet:latest` | `public.ecr.aws/lambda/dotnet@sha256:e4c82c1a52e70615d1b08fd7b0bde3c9b78efe1e51b04fdab595cd8cf401c770` |
| `public.ecr.aws/lambda/dotnet:10` | `public.ecr.aws/lambda/dotnet@sha256:65325095258479f61c22f502912860f53ddfcada4f2daceec3bd00b0e5ceb8a4` |
| `public.ecr.aws/lambda/dotnet:9` | `public.ecr.aws/lambda/dotnet@sha256:e4c82c1a52e70615d1b08fd7b0bde3c9b78efe1e51b04fdab595cd8cf401c770` |
| `public.ecr.aws/lambda/dotnet:8` | `public.ecr.aws/lambda/dotnet@sha256:c300da91ed52bc3bd87e88b73d0272b1a08e7c5362e358d60a09483115d07841` |
| `public.ecr.aws/lambda/ruby:latest` | `public.ecr.aws/lambda/ruby@sha256:2da0e9e05b10cf467edf06ed1687da2eec3bfad156881770830cd259e1b7745e` |
| `public.ecr.aws/lambda/ruby:3.4` | `public.ecr.aws/lambda/ruby@sha256:2da0e9e05b10cf467edf06ed1687da2eec3bfad156881770830cd259e1b7745e` |
| `public.ecr.aws/lambda/ruby:3.3` | `public.ecr.aws/lambda/ruby@sha256:0deddf27c2eb90bb348e188d946ddd312b528670066b99cf1283a1b8ed85e132` |
| `public.ecr.aws/lambda/ruby:3.2` | `public.ecr.aws/lambda/ruby@sha256:4345f89655eba8ada7a695961140ae99d9dfeba48038bdaaa2bef1b110cdf90a` |

---

## Description

> A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all."

---

### Remediation Steps
- Update the affected package `libxml2` from version `2.10.4-1.amzn2023.0.13` to `2.10.4-1.amzn2023.0.15`.

### About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit [Lambda Watchdog](https://lambdawatchdog.com).
- This issue was created automatically by Lambda Watchdog.


Image Name	SHA
`public.ecr.aws/lambda/provided:latest`	`public.ecr.aws/lambda/provided@sha256:7ad7e21e89618eeaa3842bc089ab924cefa9f8f7df13deae44055ec7f161c0b2`
`public.ecr.aws/lambda/provided:al2023`	`public.ecr.aws/lambda/provided@sha256:7ad7e21e89618eeaa3842bc089ab924cefa9f8f7df13deae44055ec7f161c0b2`
`public.ecr.aws/lambda/provided:al2`	`public.ecr.aws/lambda/provided@sha256:91999d3f57c058711ba8fd17b0eb25df4309d7df31856d2597e6c065e9d2e87a`
`public.ecr.aws/lambda/python:latest`	`public.ecr.aws/lambda/python@sha256:c6a7c7b1af774c2f7832c4d27c35acf554e46013d3dcf15e8c4e7a4b493afeee`
`public.ecr.aws/lambda/python:3.14`	`public.ecr.aws/lambda/python@sha256:5ec375e564d79e5d5d18cc8167d9ee9a7a67c931210ed95c508e3be4fcc847ca`
`public.ecr.aws/lambda/python:3.13`	`public.ecr.aws/lambda/python@sha256:c6a7c7b1af774c2f7832c4d27c35acf554e46013d3dcf15e8c4e7a4b493afeee`
`public.ecr.aws/lambda/python:3.12`	`public.ecr.aws/lambda/python@sha256:5b66b74863cebeabd8e77a56af4b471e3c55559fdcc4c00161040648df0a139d`
`public.ecr.aws/lambda/python:3.11`	`public.ecr.aws/lambda/python@sha256:e3ff92d11a35ba659794b89e612a73e17bb009b6075757314cf931b378b90a8a`
`public.ecr.aws/lambda/python:3.10`	`public.ecr.aws/lambda/python@sha256:f3ec524265e82a868ae32afd8c3edf2dd3f442ea5470640b0e68c5cb2aadaea4`
`public.ecr.aws/lambda/nodejs:latest`	`public.ecr.aws/lambda/nodejs@sha256:b830cbac734ba930710f1278c2e791123ff5ae6bc522fc87b0cc5c0bba87c750`
`public.ecr.aws/lambda/nodejs:24`	`public.ecr.aws/lambda/nodejs@sha256:be67ba081682260b6a2b7c96f1baf5e3b7d55670349f2cb918cff770cec2be47`
`public.ecr.aws/lambda/nodejs:22`	`public.ecr.aws/lambda/nodejs@sha256:b830cbac734ba930710f1278c2e791123ff5ae6bc522fc87b0cc5c0bba87c750`
`public.ecr.aws/lambda/nodejs:20`	`public.ecr.aws/lambda/nodejs@sha256:699d0906d882d77c7cfa17aa4aad9a0d50db85bdc8b8bb77cb8461bd553fc89d`
`public.ecr.aws/lambda/java:latest`	`public.ecr.aws/lambda/java@sha256:365ad1c50cbfd071e6cca94310446af32259f9c3b212fa304cec493dd2d88552`
`public.ecr.aws/lambda/java:25`	`public.ecr.aws/lambda/java@sha256:1246b477bf67ea4ca5631ea10b83baf3852231819ecce1345bb4dd3eca4f54cf`
`public.ecr.aws/lambda/java:21`	`public.ecr.aws/lambda/java@sha256:365ad1c50cbfd071e6cca94310446af32259f9c3b212fa304cec493dd2d88552`
`public.ecr.aws/lambda/java:17`	`public.ecr.aws/lambda/java@sha256:d15321d0393dd68c1849e935a72c9a0257c6e910bd4c17bf74e67cab16ab7904`
`public.ecr.aws/lambda/java:11`	`public.ecr.aws/lambda/java@sha256:07a9febee8af8bda06d4e7160ea922dfc04b712941643ccd460f5a4a31cf0573`
`public.ecr.aws/lambda/java:8.al2`	`public.ecr.aws/lambda/java@sha256:efae07fcc5e8d6256d84fba688337c5e8a8fc8cc746a362eb41d7d779b438b9d`
`public.ecr.aws/lambda/dotnet:latest`	`public.ecr.aws/lambda/dotnet@sha256:e4c82c1a52e70615d1b08fd7b0bde3c9b78efe1e51b04fdab595cd8cf401c770`
`public.ecr.aws/lambda/dotnet:10`	`public.ecr.aws/lambda/dotnet@sha256:65325095258479f61c22f502912860f53ddfcada4f2daceec3bd00b0e5ceb8a4`
`public.ecr.aws/lambda/dotnet:9`	`public.ecr.aws/lambda/dotnet@sha256:e4c82c1a52e70615d1b08fd7b0bde3c9b78efe1e51b04fdab595cd8cf401c770`
`public.ecr.aws/lambda/dotnet:8`	`public.ecr.aws/lambda/dotnet@sha256:c300da91ed52bc3bd87e88b73d0272b1a08e7c5362e358d60a09483115d07841`
`public.ecr.aws/lambda/ruby:latest`	`public.ecr.aws/lambda/ruby@sha256:2da0e9e05b10cf467edf06ed1687da2eec3bfad156881770830cd259e1b7745e`
`public.ecr.aws/lambda/ruby:3.4`	`public.ecr.aws/lambda/ruby@sha256:2da0e9e05b10cf467edf06ed1687da2eec3bfad156881770830cd259e1b7745e`
`public.ecr.aws/lambda/ruby:3.3`	`public.ecr.aws/lambda/ruby@sha256:0deddf27c2eb90bb348e188d946ddd312b528670066b99cf1283a1b8ed85e132`
`public.ecr.aws/lambda/ruby:3.2`	`public.ecr.aws/lambda/ruby@sha256:4345f89655eba8ada7a695961140ae99d9dfeba48038bdaaa2bef1b110cdf90a`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2025-8732 (LOW): detected in Lambda Docker Images. #382

CVE Details

Affected Docker Images

Description

Remediation Steps

About this issue

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2025-8732 (LOW): detected in Lambda Docker Images. #382

Description

CVE Details

Affected Docker Images

Description

Remediation Steps

About this issue

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions