Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-59375

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Published

2025-09-15T03:15:40.920

Last Modified

2025-11-04T22:16:34.927

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libexpat_project	libexpat	< 2.7.2	Yes

References

https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74 Product ([email protected])
https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes Product ([email protected])
https://github.com/libexpat/libexpat/issues/1018 Exploit, Issue Tracking ([email protected])
https://github.com/libexpat/libexpat/pull/1034 Issue Tracking ([email protected])
https://issues.oss-fuzz.com/issues/439133977 Exploit, Issue Tracking ([email protected])
http://www.openwall.com/lists/oss-security/2025/09/16/2 (af854a3a-2127-422b-91ae-364da2661108)