CVE-2025-12084

CVSS v4.0

6.3

Medium

Vector

AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions xml.dom.minidom (affected versions not specified)

Description The software experiences a performance issue when constructing deeply nested XML documents using methods like appendChild(). This is due to a quadratic algorithm within the clear id cache() function, which is triggered when building nested elements. This can lead to availability impacts when processing excessively complex documents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-407

Related Identifiers

ALSA-2026:0123

ALSA-2026:1374

ALSA-2026:1408

ALSA-2026:1410

ALSA-2026:1478

ALSA-2026:1631

ALSA-2026:1828

AZL-71441

AZL-71450

BDU:2026-01344

BIT-LIBPYTHON-2025-12084

BIT-PYTHON-2025-12084

BIT-PYTHON-MIN-2025-12084

CVE-2025-12084

ECHO-E2C7-423A-BEB2

MGASA-2025-0324

OESA-2026-1052

OESA-2026-1053

OESA-2026-1054

OESA-2026-1055

OESA-2026-1056

OESA-2026-1057

OPENSUSE-SU-2025:15839-1

OPENSUSE-SU-2025:15840-1

OPENSUSE-SU-2025:15846-1

OPENSUSE-SU-2025:15849-1

OPENSUSE-SU-2025:15850-1

OPENSUSE-SU-2025:15851-1

OPENSUSE-SU-2026:10011-1

OPENSUSE-SU-2026:20081-1

PSF-2025-16

RHSA-2026:0123

RHSA-2026:1374

RHSA-2026:1408

RHSA-2026:1410

RHSA-2026:1478

RHSA-2026:1537

RHSA-2026:1558

RHSA-2026:1582

RHSA-2026:1583

RHSA-2026:1620

RHSA-2026:1631

RHSA-2026:1828

RHSA-2026:1892

RHSA-2026:1893

RHSA-2026:1922

RHSA-2026:2084

RHSA-2026:2233

RHSA-2026:2275

RHSA-2026:2276

RHSA-2026:2330

RHSA-2026:2391

RHSA-2026:2392

RHSA-2026:2393

RHSA-2026:2713

RHSA-2026:7443

RHSA-2026:7661

RHSA-2026:8822

RHSA-2026:8824

SUSE-SU-2025:4522-1

SUSE-SU-2025:4538-1

SUSE-SU-2025:4539-1

SUSE-SU-2026:0024-1

SUSE-SU-2026:0025-1

SUSE-SU-2026:0027-1

SUSE-SU-2026:0130-1

SUSE-SU-2026:0133-1

SUSE-SU-2026:0268-1

SUSE-SU-2026:0299-1

SUSE-SU-2026:0314-1

SUSE-SU-2026:1062-1

SUSE-SU-2026:1107-1

SUSE-SU-2026:1117-1

SUSE-SU-2026:1349-1

SUSE-SU-2026:20047-1

SUSE-SU-2026:20125-1

SUSE-SU-2026:20154-1

SUSE-SU-2026:20374-1

SUSE-SU-2026:20768-1

SUSE-SU-2026:20796-1

USN-8018-1

USN-8018-3

Affected Products

Almalinux

Centos

Debian

Ibm Aix

Linuxmint

Red Hat

Red Os

Rocky Linux

Ubuntu

Xml.Dom.Minidom

CVE-2025-12084

Weakness Enumeration

Related Identifiers

Affected Products

References · 213