CVE-2025-59375
| CVSS Score | 7.5 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
| CWE | CWE-770 |
| Vendor | libexpat project |
| Product | libexpat |
| Published | Sep 15, 2025 |
| Last Updated | May 1, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | High |
Affected Versions
libexpat project / libexpat
All versions before 2.7.2
References
- github.com: https://github.com/libexpat/libexpat/issues/1018
- github.com: https://github.com/libexpat/libexpat/pull/1034
- github.com: https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74
- issues.oss-fuzz.com: https://issues.oss-fuzz.com/issues/439133977
- github.com: https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes
- openwall.com: http://www.openwall.com/lists/oss-security/2025/09/16/2
- openwall.com: http://www.openwall.com/lists/oss-security/2026/05/01/5