CVE-2025-59375

Updated: 2025-11-19 03:36:05.080822

Description:

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
| --- | --- | --- |
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.3 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| AlmaLinux 9.2 ESU | expat | 2.5.0 | 5.3 | MEDIUM | Released | CLSA-2025:1764956967 | 2025-12-05 21:08:06 | |
| CentOS 8.4 ELS | expat | 2.2.5 | 5.3 | MEDIUM | Released | CLSA-2026:1767799061 | 2026-01-07 20:32:20 | Resolving this issue causes behavioral changes and requires an ABI break |
| CentOS 8.5 ELS | expat | 2.2.5 | 5.3 | MEDIUM | Released | CLSA-2026:1767799681 | 2026-01-07 20:32:18 | Resolving this issue causes behavioral changes and requires an ABI break |
| CentOS Stream 8 ELS | expat | 2.2.5 | 5.3 | MEDIUM | Released | CLSA-2026:1767798754 | 2026-01-07 20:32:25 | Resolving this issue causes behavioral changes and requires an ABI break |
| TuxCare 9.6 ESU | expat | 2.5.0 | 5.3 | MEDIUM | Released | CLSA-2025:1765987202 | 2025-12-18 19:44:11 | |