CVE-2025-59375

Name
CVE-2025-59375
Description
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74
cve@mitre.org https://github.com/libexpat/libexpat/issues/1018
cve@mitre.org https://github.com/libexpat/libexpat/pull/1034
cve@mitre.org https://issues.oss-fuzz.com/issues/439133977
cve@mitre.org https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2025/09/16/2
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2026/05/01/5
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e https://cert-portal.siemens.com/productcert/html/ssa-082556.html
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e https://cert-portal.siemens.com/productcert/html/ssa-089022.html

Match rules

CPE URI Source package Min version Max version
libexpat >= 0 < 2.7.2
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* libexpat >= None < 2.7.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
expat edge-main 2.7.2-r0 Carlo Landmeter <clandmeter@alpinelinux.org> fixed
expat 3.22-main 2.7.2-r0 Carlo Landmeter <clandmeter@alpinelinux.org> fixed
expat 3.21-main 2.7.2-r0 Carlo Landmeter <clandmeter@alpinelinux.org> fixed
expat 3.20-main 2.7.2-r0 Carlo Landmeter <clandmeter@alpinelinux.org> fixed
expat 3.19-main 2.7.2-r0 Carlo Landmeter <clandmeter@alpinelinux.org> fixed