Low severity2.8NVD Advisory· Published Nov 28, 2025· Updated Apr 15, 2026
CVE-2025-66372
CVE-2025-66372
Description
Mustang before 2.16.3 allows exfiltrating files via XXE attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.mustangproject:libraryMaven | < 2.16.3 | 2.16.3 |
org.mustangproject:validatorMaven | < 2.16.3 | 2.16.3 |
Affected products
2- ghsa-coords2 versions
< 2.16.3+ 1 more
- (no CPE)range: < 2.16.3
- (no CPE)range: < 2.16.3
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-x832-fpvj-r5phghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-66372ghsaADVISORY
- github.com/ZUGFeRD/mustangproject/commit/6461dad8d3d7876547155dacbd28b458f1eb2e0bghsaWEB
- github.com/ZUGFeRD/mustangproject/issues/685nvdWEB
- github.com/ZUGFeRD/mustangproject/pull/725nvdWEB
- github.com/ZUGFeRD/mustangproject/releases/tag/core-2.16.3nvdWEB
News mentions
0No linked articles in our index yet.