{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9375", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "state": "PUBLISHED", "assignerShortName": "Fluid Attacks", "dateReserved": "2025-08-22T22:03:47.627Z", "datePublished": "2025-09-01T16:43:18.220Z", "dateUpdated": "2026-04-20T21:45:55.337Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2026-04-20T21:45:55.337Z"}, "title": "xmltodict 0.14.2 - XML Injection", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-91", "description": "CWE-91 XML Injection (aka Blind XPath Injection)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "affected": [{"vendor": "xmltodict", "product": "xmltodict", "platforms": ["MacOS", "Linux", "Windows"], "collectionURL": "https://pypi.python.org", "packageName": "xmltodict", "versions": [{"status": "affected", "version": "0.14.2", "lessThan": "0.15.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmltodict:xmltodict:*:*:macos:*:*:*:*:*", "versionEndExcluding": "0.15.1", "versionStartIncluding": "0.14.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmltodict:xmltodict:*:*:linux:*:*:*:*:*", "versionEndExcluding": "0.15.1", "versionStartIncluding": "0.14.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmltodict:xmltodict:*:*:windows:*:*:*:*:*", "versionEndExcluding": "0.15.1", "versionStartIncluding": "0.14.2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "value": "XML Injection vulnerability in xmltodict allows Input Data Manipulation.\nThis issue affects xmltodict: from 0.14.2 before 0.15.1.\n\nNOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse() delegates element-name handling to Python's xml.sax.saxutils.XMLGenerator, and that XMLGenerator should be the component performing validation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span>XML Injection vulnerability in xmltodict allows Input Data Manipulation.<br></span><p>This issue affects xmltodict: from 0.14.2 before 0.15.1.<br><br>NOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse() delegates element-name handling to Python's xml.sax.saxutils.XMLGenerator, and that XMLGenerator should be the component performing validation.</p>"}]}], "tags": ["disputed"], "references": [{"url": "https://fluidattacks.com/advisories/mono", "tags": ["third-party-advisory"]}, {"url": "https://github.com/martinblech/xmltodict", "tags": ["product"]}, {"url": "https://github.com/martinblech/xmltodict/blob/v0.15.1/CHANGELOG.md", "tags": ["patch", "release-notes"]}, {"url": "https://github.com/martinblech/xmltodict/commit/f98c90f071228ed73df997807298e1df4f790c33", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-11T15:16:00.971499Z", "id": "CVE-2025-9375", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T15:16:13.844Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-09-05T01:47:50.016Z"}, "references": [{"url": "https://github.com/martinblech/xmltodict/issues/377#issuecomment-3255691923"}, {"url": "https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.escape"}, {"url": "https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.XMLGenerator"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/martinblech/xmltodict/issues/377#issuecomment-3255691923"}, {"url": "https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.escape"}, {"url": "https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.XMLGenerator"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-09-05T01:47:50.016Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9375", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-11T15:16:00.971499Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T17:31:54.276Z"}}], "cna": {"tags": ["disputed"], "title": "xmltodict 0.14.2 - XML Injection", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "xmltodict", "product": "xmltodict", "versions": [{"status": "affected", "version": "0.14.2", "lessThan": "0.15.1", "versionType": "custom"}], "platforms": ["MacOS", "Linux", "Windows"], "packageName": "xmltodict", "collectionURL": "https://pypi.python.org", "defaultStatus": "unaffected"}], "references": [{"url": "https://fluidattacks.com/advisories/mono", "tags": ["third-party-advisory"]}, {"url": "https://github.com/martinblech/xmltodict", "tags": ["product"]}, {"url": "https://github.com/martinblech/xmltodict/blob/v0.15.1/CHANGELOG.md", "tags": ["patch", "release-notes"]}, {"url": "https://github.com/martinblech/xmltodict/commit/f98c90f071228ed73df997807298e1df4f790c33", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "XML Injection vulnerability in xmltodict allows Input Data Manipulation.\nThis issue affects xmltodict: from 0.14.2 before 0.15.1.\n\nNOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse() delegates element-name handling to Python's xml.sax.saxutils.XMLGenerator, and that XMLGenerator should be the component performing validation.", "supportingMedia": [{"type": "text/html", "value": "<span>XML Injection vulnerability in xmltodict allows Input Data Manipulation.<br></span><p>This issue affects xmltodict: from 0.14.2 before 0.15.1.<br><br>NOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse() delegates element-name handling to Python's xml.sax.saxutils.XMLGenerator, and that XMLGenerator should be the component performing validation.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-91", "description": "CWE-91 XML Injection (aka Blind XPath Injection)"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xmltodict:xmltodict:*:*:macos:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.15.1", "versionStartIncluding": "0.14.2"}, {"criteria": "cpe:2.3:a:xmltodict:xmltodict:*:*:linux:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.15.1", "versionStartIncluding": "0.14.2"}, {"criteria": "cpe:2.3:a:xmltodict:xmltodict:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.15.1", "versionStartIncluding": "0.14.2"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2026-04-20T21:45:55.337Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9375", "state": "PUBLISHED", "dateUpdated": "2026-04-20T21:45:55.337Z", "dateReserved": "2025-08-22T22:03:47.627Z", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "datePublished": "2025-09-01T16:43:18.220Z", "assignerShortName": "Fluid Attacks"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "help@fluidattacks.com", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "XML Injection vulnerability in xmltodict allows Input Data Manipulation.\nThis issue affects xmltodict: from 0.14.2 before 0.15.1.\n\nNOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse() delegates element-name handling to Python's xml.sax.saxutils.XMLGenerator, and that XMLGenerator should be the component performing validation."}], "id": "CVE-2025-9375", "lastModified": "2026-04-20T22:16:22.360", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "help@fluidattacks.com", "type": "Secondary"}]}, "published": "2025-09-01T17:15:33.063", "references": [{"source": "help@fluidattacks.com", "url": "https://fluidattacks.com/advisories/mono"}, {"source": "help@fluidattacks.com", "url": "https://github.com/martinblech/xmltodict"}, {"source": "help@fluidattacks.com", "url": "https://github.com/martinblech/xmltodict/blob/v0.15.1/CHANGELOG.md"}, {"source": "help@fluidattacks.com", "url": "https://github.com/martinblech/xmltodict/commit/f98c90f071228ed73df997807298e1df4f790c33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.XMLGenerator"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.escape"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/martinblech/xmltodict/issues/377#issuecomment-3255691923"}], "sourceIdentifier": "help@fluidattacks.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-91"}], "source": "help@fluidattacks.com", "type": "Secondary"}]}

{"bugzilla": {"description": "xmltodict: xmltodict XML Injection", "id": "2392427", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392427"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-91", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-9375", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-cni-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-must-gather-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-pilot-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-proxyv2-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-rhel9-operator", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-sail-operator-bundle", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "aap-cloud-metrics-collector-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/ee-dellemc-openmanage-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/ee-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/ee-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/ansible-dev-tools-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/ee-cloud-services-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/lightspeed-chatbot-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-devspaces-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_core:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform/ee-29-rhel8", "product_name": "Red Hat Ansible Automation Platform Ansible Core 2"}, {"cpe": "cpe:/a:redhat:ansible_core:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform/ee-minimal-rhel8", "product_name": "Red Hat Ansible Automation Platform Ansible Core 2"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-azure-disk-csi-driver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-azure-file-csi-driver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/cephcsi-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/ocs-metrics-exporter-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/rook-ceph-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces/configbump-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces/dashboard-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces/devspaces-operator-bundle", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces/devspaces-rhel9-operator", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces/imagepuller-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces-tech-preview/jetbrains-ide-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces/traefik-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces/udi-base-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces/udi-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "python-xmltodict", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2025-09-01T16:43:18Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-9375\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-9375\nhttps://fluidattacks.com/advisories/mono\nhttps://github.com/martinblech/xmltodict"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-22T11:26:41.775721+00:00", "value": {"mitigation_remediation": ["Upgrade xmltodict to 0.15.1 or later.", "Audit code paths that call xmltodict.unparse and add explicit validation of element names before serialization.", "If upgrading is infeasible, wrap XMLGenerator or implement a sanitization routine to reject or escape disallowed element names."], "summary": {"action": "Patch", "impact": "Input data manipulation via XML injection"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the xmltodict library across all supported operating systems\u2014Linux, macOS, and Windows\u2014for every release from 0.14.2 up to the point immediately before 0.15.1. Any application that imports xmltodict and uses the unparse facility in those versions is potentially exposed.", "description_and_impact": "xmltodict's unparse function delegates element-name handling to Python's xml.sax.saxutils.XMLGenerator, which performs no validation of element names. This flaw lets attackers inject crafted XML that can manipulate the output of unparse, potentially altering the structure or contents of data processed by downstream consumers. The issue is identified as CWE\u201191 and can lead to data corruption or unintended data processing. The vulnerability is reported in versions 0.14.2 through just before 0.15.1.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity. The EPSS score is below 1\u202f%, suggesting a low probability of exploitation in the current environment. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access to code that calls xmltodict.unparse; there is no documented network-facing vector. The risk therefore is limited to contexts where an attacker can influence input to the unparse routine, enabling data manipulation."}}}}, "created": "2025-09-02T15:23:15.629959+00:00", "updated": "2026-04-22T11:30:15.375660+00:00", "vendors": ["xmltodict_project", "xmltodict_project$PRODUCT$xmltodict"]}