PT-2025-35498 · Pypi+5 · Xmltodict+5

Camilo Vera

·

Published

2025-09-01

·

Updated

2026-02-09

·

CVE-2025-9375

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions xmltodict version 0.14.2
Description An XML Injection vulnerability exists in xmltodict, allowing for Input Data Manipulation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-91

Related Identifiers

BDU:2026-03621
CVE-2025-9375
ECHO-CF28-0EB1-0DB4
OESA-2025-2336
OPENSUSE-SU-2025:15539-1
SUSE-SU-2025:03457-1
SUSE-SU-2025:03511-1
SUSE-SU-2025_03457-1
SUSE-SU-2025_03511-1
USN-7753-1

Affected Products

Debian
Linuxmint
Red Os
Suse
Ubuntu
Xmltodict