CVE-2026-25210 — Integer Overflow or Wraparound in Project Libexpat

CWE-190 — Integer Overflow or Wraparound13 documents8 sources

Severity

7.8HIGHNVD

CNA6.9

EPSS

0.0%

top 99.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libexpat Project Libexpat

Timeline

PublishedJan 30

Latest updateFeb 16

Description

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5libexpat_project/libexpat< 2.7.4

▶NVDlibexpat_project/libexpat< 2.7.4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

expat vulnerabilities↗2026-02-16

▶

OSV

libxmltok vulnerabilities↗2026-02-11

▶

OSV

expat vulnerabilities↗2026-02-10

▶

GHSA

GHSA-857q-6v86-xp84: In libexpat before 2↗2026-01-30

▶

OSV

CVE-2026-25210: In libexpat before 2↗2026-01-30

▶

📋Vendor Advisories

Ubuntu

Expat vulnerabilities↗2026-02-16

▶

Ubuntu

xmltok library vulnerabilities↗2026-02-11

▶

Ubuntu

Expat vulnerabilities↗2026-02-10

▶

Red Hat

libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation↗2026-01-30

▶

Debian

CVE-2026-25210: expat - In libexpat before 2.7.4, the doContent function does not properly determine the...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-25210 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶