Bug 2395108 (CVE-2025-59375) - CVE-2025-59375 expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
Summary: CVE-2025-59375 expat: libexpat in Expat allows attackers to trigger large dyn...
Keywords:
Status: NEW
Alias: CVE-2025-59375
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2395121 2395119 2395120 2395122 2395123
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-15 03:01 UTC by OSIDB Bzimport
Modified: 2025-12-08 20:28 UTC (History)
12 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:21781 0 None None None 2025-11-20 01:31:56 UTC
Red Hat Product Errata RHBA-2025:21783 0 None None None 2025-11-20 01:39:11 UTC
Red Hat Product Errata RHBA-2025:21784 0 None None None 2025-11-20 01:43:02 UTC
Red Hat Product Errata RHBA-2025:21838 0 None None None 2025-11-20 10:54:02 UTC
Red Hat Product Errata RHBA-2025:21911 0 None None None 2025-11-20 23:28:08 UTC
Red Hat Product Errata RHBA-2025:21958 0 None None None 2025-11-24 12:15:38 UTC
Red Hat Product Errata RHBA-2025:21959 0 None None None 2025-11-24 14:00:18 UTC
Red Hat Product Errata RHBA-2025:22078 0 None None None 2025-11-25 16:48:39 UTC
Red Hat Product Errata RHBA-2025:22092 0 None None None 2025-11-25 16:29:14 UTC
Red Hat Product Errata RHBA-2025:22358 0 None None None 2025-12-01 01:03:51 UTC
Red Hat Product Errata RHBA-2025:22360 0 None None None 2025-12-01 01:02:13 UTC
Red Hat Product Errata RHBA-2025:22378 0 None None None 2025-12-01 02:29:12 UTC
Red Hat Product Errata RHBA-2025:22424 0 None None None 2025-12-01 13:15:19 UTC
Red Hat Product Errata RHBA-2025:22430 0 None None None 2025-12-01 15:41:20 UTC
Red Hat Product Errata RHBA-2025:22465 0 None None None 2025-12-01 19:21:05 UTC
Red Hat Product Errata RHSA-2025:19020 0 None None None 2025-10-27 17:46:37 UTC
Red Hat Product Errata RHSA-2025:19403 0 None None None 2025-11-03 01:42:42 UTC
Red Hat Product Errata RHSA-2025:21030 0 None None None 2025-11-11 19:48:05 UTC
Red Hat Product Errata RHSA-2025:21773 0 None None None 2025-11-19 19:54:43 UTC
Red Hat Product Errata RHSA-2025:21776 0 None None None 2025-11-19 22:02:00 UTC
Red Hat Product Errata RHSA-2025:21974 0 None None None 2025-11-24 16:14:30 UTC
Red Hat Product Errata RHSA-2025:22033 0 None None None 2025-11-25 07:50:19 UTC
Red Hat Product Errata RHSA-2025:22034 0 None None None 2025-11-25 07:27:52 UTC
Red Hat Product Errata RHSA-2025:22035 0 None None None 2025-11-25 07:12:44 UTC
Red Hat Product Errata RHSA-2025:22175 0 None None None 2025-11-26 10:47:24 UTC
Red Hat Product Errata RHSA-2025:22607 0 None None None 2025-12-02 14:16:45 UTC
Red Hat Product Errata RHSA-2025:22785 0 None None None 2025-12-04 23:08:29 UTC
Red Hat Product Errata RHSA-2025:22842 0 None None None 2025-12-08 11:32:42 UTC
Red Hat Product Errata RHSA-2025:22871 0 None None None 2025-12-08 20:28:39 UTC

Description OSIDB Bzimport 2025-09-15 03:01:24 UTC 
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
Comment 3 errata-xmlrpc 2025-10-27 17:46:35 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Core Services 2.4.62.SP2

Via RHSA-2025:19020 https://access.redhat.com/errata/RHSA-2025:19020
Comment 4 errata-xmlrpc 2025-11-03 01:42:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:19403 https://access.redhat.com/errata/RHSA-2025:19403
Comment 5 errata-xmlrpc 2025-11-11 19:48:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21030 https://access.redhat.com/errata/RHSA-2025:21030
Comment 6 errata-xmlrpc 2025-11-19 19:54:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:21773 https://access.redhat.com/errata/RHSA-2025:21773
Comment 7 errata-xmlrpc 2025-11-19 22:01:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:21776 https://access.redhat.com/errata/RHSA-2025:21776
Comment 8 errata-xmlrpc 2025-11-24 16:14:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:21974 https://access.redhat.com/errata/RHSA-2025:21974
Comment 9 errata-xmlrpc 2025-11-25 07:12:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:22035 https://access.redhat.com/errata/RHSA-2025:22035
Comment 10 errata-xmlrpc 2025-11-25 07:27:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:22034 https://access.redhat.com/errata/RHSA-2025:22034
Comment 11 errata-xmlrpc 2025-11-25 07:50:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:22033 https://access.redhat.com/errata/RHSA-2025:22033
Comment 12 errata-xmlrpc 2025-11-26 10:47:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:22175 https://access.redhat.com/errata/RHSA-2025:22175
Comment 13 errata-xmlrpc 2025-12-02 14:16:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:22607 https://access.redhat.com/errata/RHSA-2025:22607
Comment 14 errata-xmlrpc 2025-12-04 23:08:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:22785 https://access.redhat.com/errata/RHSA-2025:22785
Comment 16 errata-xmlrpc 2025-12-08 11:32:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:22842 https://access.redhat.com/errata/RHSA-2025:22842
Comment 17 errata-xmlrpc 2025-12-08 20:28:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:22871 https://access.redhat.com/errata/RHSA-2025:22871
Note You need to log in before you can comment on or make changes to this bug.