7.5

CVE-2025-59375

Medienbericht
Exploit
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libexpat ProjectLibexpat Version < 2.7.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.28% 0.662
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@mitre.org 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
21.11.2025 13:11
https://github.com/libexpat/libexpat/issues/1018
Exploit
Issue Tracking
https://github.com/libexpat/libexpat/pull/1034
Issue Tracking
https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74
Product
https://issues.oss-fuzz.com/issues/439133977
Exploit
Issue Tracking
https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes
Product
http://www.openwall.com/lists/oss-security/2025/09/16/2
http://www.openwall.com/lists/oss-security/2026/05/01/5
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
https://cert-portal.siemens.com/productcert/html/ssa-089022.html