High severity7.5NVD Advisory· Published Sep 15, 2025· Updated May 12, 2026
CVE-2025-59375
CVE-2025-59375
Description
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
Affected products
1Patches
17643f96bd5b9Merge pull request #1038 from libexpat/prepare-release
22 files changed · +35 −32
.ci.sh+1 −1 modified@@ -6,7 +6,7 @@ # \___/_/\_\ .__/ \__,_|\__| # |_| XML parser # -# Copyright (c) 2017-2024 Sebastian Pipping <sebastian@pipping.org> +# Copyright (c) 2017-2025 Sebastian Pipping <sebastian@pipping.org> # Copyright (c) 2017 Rolf Eike Beer <eike@sf-mail.de> # Copyright (c) 2019 Mohammed Khajapasha <mohammed.khajapasha@intel.com> # Copyright (c) 2019 Manish, Kumar <manish3.kumar@intel.com>
expat/Changes+4 −1 modified@@ -41,7 +41,7 @@ !! THANK YOU! Sebastian Pipping -- Berlin, 2024-03-09 !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -Release 2.7.2 ??? ????? ?? ???? +Release 2.7.2 Tue September 16 2025 Security fixes: #1018 #1034 CVE-2025-59375 -- Disallow use of disproportional amounts of dynamic memory from within an Expat parser (e.g. previously @@ -93,6 +93,9 @@ Release 2.7.2 ??? ????? ?? ???? #1011 Add const with internal XmlInitUnknownEncodingNS #14 #1037 Drop an OpenVMS support leftover #999 #1001 Address more clang-tidy warnings + #1030 #1038 Version info bumped from 11:2:10 (libexpat*.so.1.10.2) + to 12:0:11 (libexpat*.so.1.11.0); see https://verbump.de/ + for what these numbers do Infrastructure: #1003 CI: Cover compilation on FreeBSD
expat/CMakeLists.txt+4 −4 modified@@ -39,7 +39,7 @@ cmake_minimum_required(VERSION 3.15.0) project(expat VERSION - 2.7.1 + 2.7.2 LANGUAGES C ) @@ -464,9 +464,9 @@ foreach(build_type_upper set_property(TARGET expat PROPERTY ${build_type_upper}_POSTFIX ${EXPAT_${build_type_upper}_POSTFIX}) endforeach() -set(LIBCURRENT 11) # sync -set(LIBREVISION 2) # with -set(LIBAGE 10) # configure.ac! +set(LIBCURRENT 12) # sync +set(LIBREVISION 0) # with +set(LIBAGE 11) # configure.ac! math(EXPR LIBCURRENT_MINUS_AGE "${LIBCURRENT} - ${LIBAGE}") if(NOT WIN32)
expat/CMake.README+6 −6 modified@@ -3,25 +3,25 @@ The cmake based buildsystem for expat works on Windows (cygwin, mingw, Visual Studio) and should work on all other platform cmake supports. -Assuming ~/expat-2.7.1 is the source directory of expat, add a subdirectory +Assuming ~/expat-2.7.2 is the source directory of expat, add a subdirectory build and change into that directory: -~/expat-2.7.1$ mkdir build && cd build -~/expat-2.7.1/build$ +~/expat-2.7.2$ mkdir build && cd build +~/expat-2.7.2/build$ From that directory, call cmake first, then call make, make test and make install in the usual way: -~/expat-2.7.1/build$ cmake .. +~/expat-2.7.2/build$ cmake .. -- The C compiler identification is GNU -- The CXX compiler identification is GNU .... -- Configuring done -- Generating done --- Build files have been written to: /home/patrick/expat-2.7.1/build +-- Build files have been written to: /home/patrick/expat-2.7.2/build If you want to specify the install location for your files, append -DCMAKE_INSTALL_PREFIX=/your/install/path to the cmake call. -~/expat-2.7.1/build$ make && make test && make install +~/expat-2.7.2/build$ make && make test && make install Scanning dependencies of target expat [ 5%] Building C object CMakeFiles/expat.dir/lib/xmlparse.c.o [ 11%] Building C object CMakeFiles/expat.dir/lib/xmlrole.c.o
expat/configure.ac+3 −3 modified@@ -84,9 +84,9 @@ dnl dnl If the API changes incompatibly set LIBAGE back to 0 dnl -LIBCURRENT=11 # sync -LIBREVISION=2 # with -LIBAGE=10 # CMakeLists.txt! +LIBCURRENT=12 # sync +LIBREVISION=0 # with +LIBAGE=11 # CMakeLists.txt! AC_CONFIG_HEADERS([expat_config.h]) AH_TOP([#ifndef EXPAT_CONFIG_H
expat/doc/reference.html+1 −1 modified@@ -52,7 +52,7 @@ <div> <h1> The Expat XML Parser - <small>Release 2.7.1</small> + <small>Release 2.7.2</small> </h1> </div> <div class="content">
expat/doc/xmlwf.xml+1 −1 modified@@ -21,7 +21,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ <!ENTITY dhfirstname "<firstname>Scott</firstname>"> <!ENTITY dhsurname "<surname>Bronson</surname>"> - <!ENTITY dhdate "<date>March 27, 2025</date>"> + <!ENTITY dhdate "<date>September 16, 2025</date>"> <!-- Please adjust this^^ date whenever cutting a new release. --> <!ENTITY dhsection "<manvolnum>1</manvolnum>"> <!ENTITY dhemail "<email>bronson@rinspin.com</email>">
expat/lib/expat.h+1 −1 modified@@ -1081,7 +1081,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled); */ # define XML_MAJOR_VERSION 2 # define XML_MINOR_VERSION 7 -# define XML_MICRO_VERSION 1 +# define XML_MICRO_VERSION 2 # ifdef __cplusplus }
expat/lib/xmlparse.c+1 −1 modified@@ -1,4 +1,4 @@ -/* d19ae032c224863c1527ba44d228cc34b99192c3a4c5a27af1f4e054d45ee031 (2.7.1+) +/* 60e137abb91af642d6c3988f8f133d23329b32638659c74d47125fc0faf6ddd5 (2.7.2+) __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __|
expat/README.md+1 −1 modified@@ -11,7 +11,7 @@ > at the top of the `Changes` file. -# Expat, Release 2.7.1 +# Expat, Release 2.7.2 This is Expat, a C99 library for parsing [XML 1.0 Fourth Edition](https://www.w3.org/TR/2006/REC-xml-20060816/), started by
expat/tests/alloc_tests.c+1 −1 modified@@ -10,7 +10,7 @@ Copyright (c) 2003 Greg Stein <gstein@users.sourceforge.net> Copyright (c) 2005-2007 Steven Solie <steven@solie.ca> Copyright (c) 2005-2012 Karl Waclawek <karl@waclawek.net> - Copyright (c) 2016-2023 Sebastian Pipping <sebastian@pipping.org> + Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org> Copyright (c) 2017-2022 Rhodri James <rhodri@wildebeest.org.uk> Copyright (c) 2017 Joe Orton <jorton@redhat.com> Copyright (c) 2017 José Gutiérrez de la Concha <jose@zeroc.com>
expat/tests/handlers.c+1 −1 modified@@ -10,7 +10,7 @@ Copyright (c) 2003 Greg Stein <gstein@users.sourceforge.net> Copyright (c) 2005-2007 Steven Solie <steven@solie.ca> Copyright (c) 2005-2012 Karl Waclawek <karl@waclawek.net> - Copyright (c) 2016-2024 Sebastian Pipping <sebastian@pipping.org> + Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org> Copyright (c) 2017-2022 Rhodri James <rhodri@wildebeest.org.uk> Copyright (c) 2017 Joe Orton <jorton@redhat.com> Copyright (c) 2017 José Gutiérrez de la Concha <jose@zeroc.com>
expat/tests/misc_tests.c+1 −1 modified@@ -211,7 +211,7 @@ START_TEST(test_misc_version) { if (! versions_equal(&read_version, &parsed_version)) fail("Version mismatch"); - if (xcstrcmp(version_text, XCS("expat_2.7.1")) + if (xcstrcmp(version_text, XCS("expat_2.7.2")) != 0) /* needs bump on releases */ fail("XML_*_VERSION in expat.h out of sync?\n"); }
expat/tests/nsalloc_tests.c+1 −1 modified@@ -10,7 +10,7 @@ Copyright (c) 2003 Greg Stein <gstein@users.sourceforge.net> Copyright (c) 2005-2007 Steven Solie <steven@solie.ca> Copyright (c) 2005-2012 Karl Waclawek <karl@waclawek.net> - Copyright (c) 2016-2023 Sebastian Pipping <sebastian@pipping.org> + Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org> Copyright (c) 2017-2022 Rhodri James <rhodri@wildebeest.org.uk> Copyright (c) 2017 Joe Orton <jorton@redhat.com> Copyright (c) 2017 José Gutiérrez de la Concha <jose@zeroc.com>
expat/win32/build_expat_iss.bat+1 −1 modified@@ -7,7 +7,7 @@ REM | __// \| |_) | (_| | |_ REM \___/_/\_\ .__/ \__,_|\__| REM |_| XML parser REM -REM Copyright (c) 2019-2024 Sebastian Pipping <sebastian@pipping.org> +REM Copyright (c) 2019-2025 Sebastian Pipping <sebastian@pipping.org> REM Licensed under the MIT license: REM REM Permission is hereby granted, free of charge, to any person obtaining
expat/win32/expat.iss+1 −1 modified@@ -38,7 +38,7 @@ ; OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE ; USE OR OTHER DEALINGS IN THE SOFTWARE. -#define expatVer "2.7.1" +#define expatVer "2.7.2" [Setup] AppName=Expat
expat/xmlwf/unixfilemap.c+1 −1 modified@@ -10,7 +10,7 @@ Copyright (c) 2000 Clark Cooper <coopercc@users.sourceforge.net> Copyright (c) 2001-2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net> Copyright (c) 2006 Karl Waclawek <karl@waclawek.net> - Copyright (c) 2016-2017 Sebastian Pipping <sebastian@pipping.org> + Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org> Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk> Licensed under the MIT license:
expat/xmlwf/xmlfile.c+1 −1 modified@@ -11,7 +11,7 @@ Copyright (c) 2002-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net> Copyright (c) 2004-2006 Karl Waclawek <karl@waclawek.net> Copyright (c) 2005-2007 Steven Solie <steven@solie.ca> - Copyright (c) 2016-2023 Sebastian Pipping <sebastian@pipping.org> + Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org> Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk> Copyright (c) 2019 David Loffredo <loffredo@steptools.com> Copyright (c) 2021 Donghee Na <donghee.na@python.org>
expat/xmlwf/xmlwf.c+1 −1 modified@@ -11,7 +11,7 @@ Copyright (c) 2001-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net> Copyright (c) 2004-2009 Karl Waclawek <karl@waclawek.net> Copyright (c) 2005-2007 Steven Solie <steven@solie.ca> - Copyright (c) 2016-2023 Sebastian Pipping <sebastian@pipping.org> + Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org> Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk> Copyright (c) 2019 David Loffredo <loffredo@steptools.com> Copyright (c) 2020 Joe Orton <jorton@redhat.com>
expat/xmlwf/xmlwf_helpgen.py+1 −1 modified@@ -6,7 +6,7 @@ # \___/_/\_\ .__/ \__,_|\__| # |_| XML parser # -# Copyright (c) 2019-2023 Sebastian Pipping <sebastian@pipping.org> +# Copyright (c) 2019-2025 Sebastian Pipping <sebastian@pipping.org> # Copyright (c) 2021 Tim Bray <tbray@textuality.com> # Licensed under the MIT license: #
.github/workflows/clang-format.yml+1 −1 modified@@ -5,7 +5,7 @@ # \___/_/\_\ .__/ \__,_|\__| # |_| XML parser # -# Copyright (c) 2021-2024 Sebastian Pipping <sebastian@pipping.org> +# Copyright (c) 2021-2025 Sebastian Pipping <sebastian@pipping.org> # Copyright (c) 2023 Joyce Brum <joycebrum@google.com> # Licensed under the MIT license: #
.github/workflows/clang-tidy.yml+1 −1 modified@@ -5,7 +5,7 @@ # \___/_/\_\ .__/ \__,_|\__| # |_| XML parser # -# Copyright (c) 2021-2024 Sebastian Pipping <sebastian@pipping.org> +# Copyright (c) 2021-2025 Sebastian Pipping <sebastian@pipping.org> # Copyright (c) 2023 Joyce Brum <joycebrum@google.com> # Licensed under the MIT license: #
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- github.com/libexpat/libexpat/issues/1018nvdExploitIssue Tracking
- issues.oss-fuzz.com/issues/439133977nvdExploitIssue Tracking
- github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/ChangesnvdProduct
- github.com/libexpat/libexpat/blob/R_2_7_2/expat/ChangesnvdProduct
- github.com/libexpat/libexpat/pull/1034nvdIssue Tracking
- www.openwall.com/lists/oss-security/2025/09/16/2nvd
- www.openwall.com/lists/oss-security/2026/05/01/5nvd
- cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-089022.htmlnvd
News mentions
0No linked articles in our index yet.