High severityOSV Advisory· Published May 30, 2025· Updated Apr 15, 2026
CVE-2025-48882
CVE-2025-48882
Description
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXML_DTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpoffice/mathPackagist | < 0.3.0 | 0.3.0 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.