CVE-2025-59375

Severity: 7.5 HIGH
EPSS: 0.1% (top 81.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 15
Latest update: Feb 11

Description

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (6 packages)

CVEListV5: libexpat_project/libexpat < 2.7.2
Debian: expat < 2.7.2-1
Ubuntu: expat < 2.4.7-1ubuntu0.7+5
Debian: firefox-esr < 140.9.0esr-1~deb11u1+3

🔴 Vulnerability Details (4)

OSV: expat vulnerabilities (2026-02-10)
GHSA: GHSA-vjqp-pjp6-xcxx: libexpat in Expat before 2 (2025-09-15)
OSV: CVE-2025-59375: libexpat in Expat before 2 (2025-09-15)
CVEList: CVE-2025-59375: libexpat in Expat before 2 (2025-09-15)

📋 Vendor Advisories (23)

Apple: CVE-2025-59375: macOS Sonoma 14.8.4 (2026-02-11)
Apple: CVE-2025-59375: macOS Sequoia 15.7.4 (2026-02-11)
Apple: CVE-2025-59375: macOS Tahoe 26.3 (2026-02-11)
Apple: CVE-2026-20667: macOS Sonoma 14.8.4 (2026-02-11)
Apple: CVE-2025-59375: iOS 26.3 and iPadOS 26.3 (2026-02-11)

💬 Community (1)

Bugzilla: CVE-2025-59375 libexpat before 2.7.2 allows attackers to trigger large dynamic memory allocations via parsing a small document (2025-09-15)