CVE-2025-59375
Advisory lineage Upstream: 0 Downstream: 51
Status: Modified
Published: 15 Sept 2025, 00:00
Last modified: 12 May 2026, 12:08
Vulnerability Summary
Overall Risk (default): medium (40/100)
CVSS Score: 7.5 HIGH (v3.1, cve.org)
EPSS Score: 0.1% LOW
KEV: Not listed
Ransomware: No reports
Public exploits: 2 found
Dark Web: Not detected
Timeline
15 Sept 2025, 00:00: Published (vulnerability first disclosed)
12 May 2026, 12:08: Last modified (vulnerability information updated)
Description
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. The impact is availability only (CVSS C:N/I:N/A:H): a remote, unauthenticated attacker who can get a document parsed can exhaust the memory of the parsing process. Because the triggering document is small, limiting input size does not mitigate this; upgrading to Expat 2.7.2 or later, which carries the fix, is the remedy.
CVSS Metrics
- v3.1 • HIGH • Score: 7.5 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C
- v3.1 • HIGH • Score: 7.5 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.10% • Percentile: 28%
Techniques & Countermeasures
- CWE-770 • Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Affected Systems
- libexpat_project • libexpat, versions < 2.7.2
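The affected range above can be checked against the Expat actually linked into a running process. What follows is an added example for this advisory entry, not code from the libexpat project or from this page: it reads the Expat version that CPython's xml.parsers.expat module is built against, compares it with the 2.7.2 fix release, and, as a compensating control until the library is upgraded, parses in a child interpreter whose address space is capped. The FIXED_VERSION constant comes from the affected range above; the 512 MiB cap and the sample version strings are assumptions.

```python
# Added example for this advisory entry (not libexpat project code): gate on the
# Expat version linked into the running interpreter, since the fix for
# CVE-2025-59375 is only available from Expat 2.7.2 onward. The 512 MiB cap and
# the sample version strings used for testing are constructed for illustration.
import re
import subprocess
import sys
from xml.parsers import expat

# First release that carries the fix, per the advisory's affected range (< 2.7.2).
FIXED_VERSION = (2, 7, 2)


def parse_expat_version(version_string):
    """Turn an EXPAT_VERSION-style string such as 'expat_2.7.2' into (2, 7, 2).

    xml.parsers.expat.EXPAT_VERSION uses this 'expat_X.Y.Z' form (the same form
    you get from other hosts via `python -c "import pyexpat; print(pyexpat.EXPAT_VERSION)"`).
    Anything else raises ValueError rather than being silently treated as fixed.
    """
    m = re.fullmatch(r"expat_(\d+)\.(\d+)\.(\d+)", version_string.strip())
    if m is None:
        raise ValueError(f"unrecognised Expat version string: {version_string!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True when a (major, minor, micro) tuple falls inside the affected range."""
    return tuple(version) < FIXED_VERSION


def runtime_expat_status():
    """Report the Expat bundled with this interpreter as (version tuple, affected?)."""
    version = tuple(expat.version_info)
    return version, is_affected(version)


def parse_in_capped_child(xml_bytes, cap_bytes=512 * 1024 * 1024):
    """Parse XML in a child interpreter whose address space is capped (RLIMIT_AS).

    Because the trigger is a small document, an input-size limit is not a
    mitigation; bounding the memory of the process that parses untrusted XML is
    the compensating control until Expat is upgraded. Unix only (uses the
    resource module). Returns True if the child parsed the document within the
    cap, False if it died (MemoryError, malformed input, or killed by the limit).
    """
    import resource  # Unix only; imported here so the module still loads elsewhere

    child_program = (
        "import sys\n"
        "from xml.parsers import expat\n"
        "p = expat.ParserCreate()\n"
        "p.Parse(sys.stdin.buffer.read(), True)\n"
    )

    def apply_cap():
        resource.setrlimit(resource.RLIMIT_AS, (cap_bytes, cap_bytes))

    result = subprocess.run(
        [sys.executable, "-c", child_program],
        input=xml_bytes,
        preexec_fn=apply_cap,
        capture_output=True,
    )
    return result.returncode == 0


if __name__ == "__main__":
    version, affected = runtime_expat_status()
    print("bundled Expat:", ".".join(map(str, version)),
          "AFFECTED (< 2.7.2)" if affected else "fixed (>= 2.7.2)")
    # Constructed sample document; parsing it under a generous cap should succeed.
    print("capped parse ok:", parse_in_capped_child(b"<root><item/></root>"))
```

The version check is the one to wire into CI or a deployment smoke test: CPython statically records which Expat it was built with, and a distro or container rebuild can silently move it back into the affected range. The capped-parse helper is a stopgap for hosts that cannot be patched immediately; set the cap from what your workload actually needs, and treat a non-zero child exit as a rejected document, not as a retry.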
References (9)
- https://github.com/libexpat/libexpat/issues/1018
- https://github.com/libexpat/libexpat/pull/1034
- https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74
- https://issues.oss-fuzz.com/issues/439133977
- https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes
- http://www.openwall.com/lists/oss-security/2025/09/16/2
- http://www.openwall.com/lists/oss-security/2026/05/01/5
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://cert-portal.siemens.com/productcert/html/ssa-089022.html