← Back

CVE-2025-66382

nvd nist
Published: Nov 28, 2025Modified: Jun 2, 2026

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.

Affected (1)

Libexpat Project
1 product
Libexpat
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Libexpat
Up to 2.7.3

Related CWEs

CWE-407
Inefficient Algorithmic Complexity
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References (4)

Source: cve@mitre.org
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

Timeline

No history available yet.