PT-2025-37445 · Expat+11

Published: 2025-09-14 · Updated: 2026-05-26 · CVE-2025-59375

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Expat versions prior to 2.7.2

Description: libexpat allows attackers to trigger large dynamic memory allocations via a small document submitted for parsing. This can lead to crashes or unpredictable behavior.

Recommendations: Update to a version of Expat greater than or equal to 2.7.2.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALSA-2025:19403
ALSA-2025:21030
ALSA-2025:21776
ALSA-2025:21974
ALSA-2025:22175
ALSA-2026:10950
ALSA-2026:19064
ALSA-2026:19177
ALSA-2026:3407
AZL-67328
AZL-67359
BDU:2025-12925
CESA-2025_21776
CESA-2025_21974
CLEANSTART-2026-BM51903
CLEANSTART-2026-EQ71754
CLEANSTART-2026-NR68832
CLEANSTART-2026-SY44974
CLEANSTART-2026-WV76464
CVE-2025-59375
ECHO-2C23-61D7-7EC0
INFSA-2025_21776
INFSA-2025_21974
INFSA-2025_22175
MGASA-2025-0240
MGASA-2026-0080
MGASA-2026-0081
OESA-2025-2454
OESA-2025-2455
OESA-2025-2456
OESA-2025-2457
OESA-2025-2458
OESA-2025-2459
OESA-2026-1705
OESA-2026-1706
OESA-2026-1707
OESA-2026-1708
OESA-2026-1709
OESA-2026-1993
OESA-2026-1994
OPENSUSE-SU-2025:15573-1
OPENSUSE-SU-2025:20055-1
OPENSUSE-SU-2026:10413-1
OPENSUSE-SU-2026:10447-1
OPENSUSE-SU-2026:10458-1
OPENSUSE-SU-2026:20439-1
OPENSUSE-SU-2026:20664-1
RHSA-2025:19403
RHSA-2025:21030
RHSA-2025:21773
RHSA-2025:21776
RHSA-2025:21974
RHSA-2025:22175
RHSA-2025_21776
RHSA-2025_21974
RHSA-2025_22175
RHSA-2026:0001
RHSA-2026:0076
RHSA-2026:0077
RHSA-2026:0078
RHSA-2026:10950
RHSA-2026:19064
RHSA-2026:19177
RHSA-2026:3407
RHSA-2026:5396
SUSE-SU-2025:03508-1
SUSE-SU-2025:03536-1
SUSE-SU-2025:03537-1
SUSE-SU-2025:03624-1
SUSE-SU-2025:20868-1
SUSE-SU-2025:20895-1
SUSE-SU-2025:21006-1
SUSE-SU-2025:21028-1
SUSE-SU-2025_03508-1
SUSE-SU-2025_03536-1
SUSE-SU-2025_03537-1
SUSE-SU-2025_03624-1
SUSE-SU-2025_21006-1
SUSE-SU-2026:1126-1
SUSE-SU-2026:1127-1
SUSE-SU-2026:1163-1
SUSE-SU-2026:20978-1
USN-8022-1

Affected Products

AlmaLinux
CentOS
Debian
Expat
IBM AIX
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu