2395108 – (CVE-2025-59375) CVE-2025-59375 expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

Bug 2395108 (CVE-2025-59375) - CVE-2025-59375 expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

Summary: CVE-2025-59375 expat: libexpat in Expat allows attackers to trigger large dyn...

Keywords:
Status:	NEW
Alias:	CVE-2025-59375
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2395121 2395119 2395120 2395122 2395123
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-15 03:01 UTC by OSIDB Bzimport
Modified:	2025-11-26 10:47 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2025:21781	None	None	None	2025-11-20 01:31:56 UTC
Red Hat Product Errata	RHBA-2025:21783	None	None	None	2025-11-20 01:39:11 UTC
Red Hat Product Errata	RHBA-2025:21784	None	None	None	2025-11-20 01:43:02 UTC
Red Hat Product Errata	RHBA-2025:21838	None	None	None	2025-11-20 10:54:02 UTC
Red Hat Product Errata	RHBA-2025:21911	None	None	None	2025-11-20 23:28:08 UTC
Red Hat Product Errata	RHBA-2025:21958	None	None	None	2025-11-24 12:15:38 UTC
Red Hat Product Errata	RHBA-2025:21959	None	None	None	2025-11-24 14:00:18 UTC
Red Hat Product Errata	RHBA-2025:22078	None	None	None	2025-11-25 16:48:39 UTC
Red Hat Product Errata	RHBA-2025:22092	None	None	None	2025-11-25 16:29:14 UTC
Red Hat Product Errata	RHSA-2025:19020	None	None	None	2025-10-27 17:46:37 UTC
Red Hat Product Errata	RHSA-2025:19403	None	None	None	2025-11-03 01:42:42 UTC
Red Hat Product Errata	RHSA-2025:21030	None	None	None	2025-11-11 19:48:05 UTC
Red Hat Product Errata	RHSA-2025:21773	None	None	None	2025-11-19 19:54:43 UTC
Red Hat Product Errata	RHSA-2025:21776	None	None	None	2025-11-19 22:02:00 UTC
Red Hat Product Errata	RHSA-2025:21974	None	None	None	2025-11-24 16:14:30 UTC
Red Hat Product Errata	RHSA-2025:22033	None	None	None	2025-11-25 07:50:19 UTC
Red Hat Product Errata	RHSA-2025:22034	None	None	None	2025-11-25 07:27:52 UTC
Red Hat Product Errata	RHSA-2025:22035	None	None	None	2025-11-25 07:12:44 UTC
Red Hat Product Errata	RHSA-2025:22175	None	None	None	2025-11-26 10:47:24 UTC

Description OSIDB Bzimport 2025-09-15 03:01:24 UTC

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Comment 3 errata-xmlrpc 2025-10-27 17:46:35 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Core Services 2.4.62.SP2

Via RHSA-2025:19020 https://access.redhat.com/errata/RHSA-2025:19020

Comment 4 errata-xmlrpc 2025-11-03 01:42:41 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:19403 https://access.redhat.com/errata/RHSA-2025:19403

Comment 5 errata-xmlrpc 2025-11-11 19:48:03 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21030 https://access.redhat.com/errata/RHSA-2025:21030

Comment 6 errata-xmlrpc 2025-11-19 19:54:41 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:21773 https://access.redhat.com/errata/RHSA-2025:21773

Comment 7 errata-xmlrpc 2025-11-19 22:01:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:21776 https://access.redhat.com/errata/RHSA-2025:21776

Comment 8 errata-xmlrpc 2025-11-24 16:14:28 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:21974 https://access.redhat.com/errata/RHSA-2025:21974

Comment 9 errata-xmlrpc 2025-11-25 07:12:42 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:22035 https://access.redhat.com/errata/RHSA-2025:22035

Comment 10 errata-xmlrpc 2025-11-25 07:27:50 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:22034 https://access.redhat.com/errata/RHSA-2025:22034

Comment 11 errata-xmlrpc 2025-11-25 07:50:17 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:22033 https://access.redhat.com/errata/RHSA-2025:22033

Comment 12 errata-xmlrpc 2025-11-26 10:47:21 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:22175 https://access.redhat.com/errata/RHSA-2025:22175

Note You need to log in before you can comment on or make changes to this bug.