CNNVD-202509-040 Information

CNNVD ID

CNNVD-202509-040

CVE-2025-9375

  • CNNVD Published: 2025-09-01

Description (Chinese)

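xmltodict is a Python library by Martín Blech, an individual developer. xmltodict version 0.14.2 contains a security vulnerability that stems from an XML injection issue and may lead to manipulation of input data.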

Description (English)

xmltodict is a Python library by individual developer Martín Blech. Version 0.14.2 of xmltodict has a security vulnerability that stems from an XML injection problem and may lead to input data manipulation.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-09-01

Last Modified

2026-02-24

References

  • https://github.com/martinblech/xmltodict
  • https://github.com/martinblech/xmltodict/issues/377#issuecomment-3255691923
  • https://github.com/martinblech/xmltodict/commit/f98c90f071228ed73df997807298e1df4f790c33
  • https://fluidattacks.com/advisories/mono
  • https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.XMLGenerator
  • https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.escape
  • https://github.com/martinblech/xmltodict/blob/v0.15.1/CHANGELOG.md
  • https://nvd.nist.gov/vuln/detail/CVE-2025-9375
  • https://vigilance.fr/vulnerability/xmltodict-write-access-dated-17-09-2025-48245
