CVE-2025-66382

CVE-2025-66382

CVSS 2.9 LOWEPSS 0.2%CWE-407

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

libexpat project · libexpat

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cert-portal.siemens.com/productcert/html/ssa-082556.html https://cert-portal.siemens.com/productcert/html/ssa-253495.html https://github.com/libexpat/libexpat/issues/1076 http://www.openwall.com/lists/oss-security/2025/12/02/1