CNNVD-202512-1364 Information

CNNVD ID

CNNVD-202512-1364

CVE-2025-66578

  • CNNVD Published: 2025-12-09

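Description (translated from Chinese)

Xmlseclibs is a library written in PHP for handling XML encryption and signatures. Xmlseclibs version 3.1.3 has a security vulnerability that stems from a flaw in the libxml2 canonicalization process and can lead to authentication bypass.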

Description (English)

Xmlseclibs is a library written in PHP to handle XML encryption and signatures. The security vulnerability in version 3.1.3 of Xmlseclibs stems from a flaw in the libxml2 canonicalization process, which may lead to an authentication bypass.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-12-09

Last Modified

2026-02-24

References

  • https://github.com/robrichards/xmlseclibs/blob/f4131320c6dcd460f1b0c67f16f8bf24ce4b5c3e/src/XMLSecurityDSig.php#L296
  • https://github.com/robrichards/xmlseclibs/commit/69fd63080bc47a8d51bc101c30b7cb756862d1d6
  • https://github.com/robrichards/xmlseclibs/security/advisories/GHSA-c4cc-x928-vjw9

Patch

https://github.com/robrichards/xmlseclibs/releases
