CVE-2025-59375: libexpat 2.7.2 fixes a denial-of-service vulnerability (CWE-770)

Published Sep 15, 2025 · Updated Mar 24, 2026

libexpat before 2.7.2 allows an attacker to trigger large dynamic memory allocations by submitting a small, specially crafted document for parsing, leading to denial of service (CWE-770: Allocation of Resources Without Limits or Throttling). Fixed in libexpat 2.7.2.


Credit

Johnny Franks (zeroxjf), an anonymous researcher, jioundai, Anonymous (Trend Micro Zero Day Initiative), Yiğit Can YILMAZ (@yilmazcanyigit), Golden Helm Securities (Iru), Gergely Kalman (@gergely_kalman) (Iru), Csaba Fitzl (@theevilbit) (Iru), Google Threat Analysis Group, Asaf Cohen, George Karchemsky (@gkarchemsky) (Trend Micro Zero Day Initiative), Jian Lee (@speedyfriend433), Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy, Mathy Vanhoef, Noah Gregory (wts.dev), Gongyu Ma (@Mezone0), EntryHi, Wong Wee Xiang, Loh Boon Keat, Jacob Prezant (prezant.us), Nils Hanff (@nils1729@chaos.social) (Hasso Plattner Institute), Amy (amys.website), Atul Kishor Jaiswal, Gergely Kalman (@gergely_kalman), Kirin (@Pwnrin), Keisuke Hosoda, Zhongcheng Li (IES Red Team), Richard Hyunho Im (@richeeta) at Route Zero Security (routezero.security), Ron Masas (BreakPoint), Rodolphe Brunetti (@eisw0lf) (Lupus Nova), Dalibor Milanovic, Óscar García Pérez, Stanislav Jelezoglo, Viktor Lord Härringtón, Enis Maholli (enismaholli.com), LeminLimez, Nathaniel Oh (@calysteon), HanQing (TSDubhe), Nan Wang (@eternalsakura13), Tom Van Goethem, Wang Yu (Cyberserval), piffz, Daniel Nurkin, Al Sadman Awal, Mohamed Hamdadou & Mahran Alhazmi, Hichem Maloufi, Christian Mina, Gerson Aldaz, qwerty j0y & Ricardo Garcia, Dorian Del Valle, Michael DePlante (@izobashi) (Trend Micro Zero Day Initiative), Mickey Jin (@patch1t), @cloudlldb, Ryan Dowd (@_rdowd), Ron Elemans, Murray Mike, 이동하 (Lee Dong Ha) (SSA Lab), Chunyu Song (NorthSea), Bing Shi (Alibaba Group), Wenchao Li (Alibaba Group), Xiaolong Bai (Alibaba Group), (Indiana University Bloomington), Luyi Xing (Indiana University Bloomington), Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ BSF Kashmir, Kirin (@Pwnrin) (Fudan University), LFY (@secsys) (Fudan University), Pwn2car, Morris Richman (@morrisinlife)

Affected Software

33 affected components (fixes available)

Expat libexpat: <2.7.2
Expat libexpat: >2.7.2
Microsoft cbl2 python3: 3.9.19-14
Microsoft azl3 python3: 3.12.9-4
Microsoft cbl2 expat: 2.6.4-1
Microsoft azl3 cmake: 3.30.3-9
Microsoft cbl2 cmake: 3.21.4-18
Microsoft azl3 expat: 2.6.4-1
Microsoft azl3 expat: 2.6.4-1
Microsoft cbl2 expat: 2.6.4-2
Microsoft cbl2 expat: 2.6.4-1
Microsoft azl3 expat: 2.6.4-2
Libexpat Project Libexpat: <2.7.2
F5 BIG-IP: =21.0.0
F5 BIG-IP: >=17.5.0<=17.5.1, >=17.1.0<=17.1.3
F5 BIG-IP: >=16.1.0<=16.1.6
F5 BIG-IP: >=15.1.0<=15.1.10
F5 F5OS-A: >=1.8.0<=1.8.3, >=1.5.1<=1.5.4
F5 F5OS-C: >=1.8.0<=1.8.2, >=1.6.0<=1.6.4
Apple visionOS: <26.3 (fixed in 26.3)
Apple macOS Sequoia: <15.7.4 (fixed in 15.7.4)
Apple iOS: <26.3 (fixed in 26.3)
Apple iPadOS: <26.3 (fixed in 26.3)
Apple macOS Tahoe: <26.3 (fixed in 26.3)
Apple tvOS: <26.3 (fixed in 26.3)
Apple watchOS: <26.3 (fixed in 26.3)
Apple iOS: <18.7.5 (fixed in 18.7.5)
Apple iPadOS: <18.7.5 (fixed in 18.7.5)
Apple macOS Sonoma: <14.8.4 (fixed in 14.8.4)
Mozilla Firefox: <149 (fixed in 149)
Mozilla Firefox ESR: <140.9 (fixed in 140.9)
Mozilla Thunderbird: <140.9 (fixed in 140.9)
Mozilla Thunderbird: <149 (fixed in 149)

Event History

Sep 15, 2025
  12:00 AM  CVE Published (via MITRE)
  12:00 AM  Data Sourced (via MITRE): Description, Severity, Weakness
  03:01 AM  Data Sourced (via Red Hat): Description, Severity, Affected Software
  03:15 AM  Data Sourced (via NVD): Description, Severity, Weakness
  03:15 AM  Data Sourced (via NVD): Affected Software
Sep 16, 2025
  01:01 AM  Data Sourced (via Microsoft): Description, Severity, Weakness, Affected Software
  01:01 AM  Updated (via Microsoft): Affected Software
  01:01 AM  Updated (via Microsoft): Description, Severity
Dec 9, 2025
  03:43 PM  Advisory Published (via F5)
  03:43 PM  Data Sourced (via F5): Description, Severity, Weakness, Affected Software
Feb 11, 2026
  12:00 AM  Data Sourced (via Apple): Description, Weakness, Affected Software
  12:00 AM  Updated (via Apple): Description, Weakness
  12:00 AM  Updated (via Apple): Description
  12:00 AM  Updated (via Apple): Description, Affected Software
  12:00 AM  Updated (via Apple): Description, Weakness, Affected Software
  12:00 AM  Updated (via Apple): Affected Software
Mar 24, 2026
  12:00 AM  Data Sourced (via Mozilla): Description, Severity, Affected Software
  12:00 AM  Updated (via Mozilla): Affected Software


Frequently Asked Questions

1. What is the severity of CVE-2025-59375?

CVE-2025-59375 is a denial-of-service vulnerability classified as CWE-770 (Allocation of Resources Without Limits or Throttling): a small, specially crafted document makes libexpat perform large dynamic memory allocations while parsing. The impact is on availability; the page records no confidentiality or integrity impact.

2. How do I fix CVE-2025-59375?

Update Expat to version 2.7.2 or later. Where libexpat is shipped by a vendor rather than built from upstream, install the vendor's fixed release listed under Affected Software (Microsoft cbl2/azl3 packages, Apple OS updates, Firefox 149, Firefox ESR and Thunderbird 140.9), since vendor builds can carry the fix under a different version number. Packages that bundle their own copy of expat need their own update; the Microsoft python3 and cmake packages listed above are examples.

3. What type of attack is associated with CVE-2025-59375?

Denial of service. An attacker who can get an application to parse attacker-supplied XML with a vulnerable libexpat submits a small document that triggers disproportionately large memory allocations, exhausting memory or stalling the parsing process.

4. Which versions of Expat are affected by CVE-2025-59375?

All versions of Expat prior to 2.7.2. Vendor-specific affected and fixed ranges are listed under Affected Software.

5. What is the impact of CVE-2025-59375 on applications using Expat?

Applications using affected versions of Expat may crash (for example on allocation failure) or become unresponsive when processing specially crafted documents. Because a small input is enough to trigger the large allocations, limiting the size of untrusted XML is not a sufficient workaround on its own; until the library is updated, run parsing of untrusted input under a memory limit (for example a process or container memory cap) so exhaustion fails the parse rather than the host.
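A small version-range checker for the Affected Software list and for the question above, added here as an example (it is not SecAlerts' or the Expat project's code). It parses the page's own range syntax (`<2.7.2`, `=21.0.0`, `>=17.5.0<=17.5.1, >=17.1.0<=17.1.3`), tests a version string against it, and reports the libexpat version compiled into the running Python interpreter via `xml.parsers.expat.version_info`. The range grammar and the `FIXED_IN` constant are taken from the page's listing; the sample inputs are constructed. One caveat, also noted in the code: a distribution that backports the fix without changing the reported version will still show as affected here, so confirm against the vendor's advisory in that case.

```python
"""Version-range checks for the affected-software list on this page (added example)."""
import re
from typing import Callable, Dict, List, Tuple
import xml.parsers.expat as expat

Version = Tuple[int, ...]

# One constraint is an operator plus a version, e.g. "<2.7.2" or ">=17.1.0".
# "<=" and ">=" are listed before "<" and ">" so the regex prefers the longer operator.
_CONSTRAINT_RE = re.compile(r"(<=|>=|<|>|=)\s*([0-9][0-9A-Za-z.\-]*)")

_OPS: Dict[str, Callable[[Version, Version], bool]] = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}

FIXED_IN = "2.7.2"  # upstream fix version from the page


def parse_version(text: str) -> Version:
    """'2.7.2' -> (2, 7, 2); '2.6.4-1' -> (2, 6, 4, 1).
    Only the numeric components are kept, so a distro release suffix
    such as '-1' sorts after the bare upstream version."""
    parts = tuple(int(n) for n in re.findall(r"\d+", text))
    if not parts:
        raise ValueError(f"no numeric version components in {text!r}")
    return parts


def parse_range(spec: str) -> List[List[Tuple[str, Version]]]:
    """Parse the page's range syntax into alternatives (comma separated), each a
    list of (operator, version) constraints that must all hold.
    '>=17.5.0<=17.5.1, >=17.1.0<=17.1.3' -> two alternatives of two constraints each."""
    alternatives: List[List[Tuple[str, Version]]] = []
    for alt in spec.split(","):
        alt = alt.strip()
        constraints = _CONSTRAINT_RE.findall(alt)
        # Reject anything the regex did not fully consume, so a typo such as
        # "<<2.7.2" raises instead of silently matching nothing.
        consumed = "".join(op + ver for op, ver in constraints)
        if not constraints or consumed != re.sub(r"\s+", "", alt):
            raise ValueError(f"cannot parse version range {alt!r}")
        alternatives.append([(op, parse_version(ver)) for op, ver in constraints])
    return alternatives


def is_affected(version: str, spec: str) -> bool:
    """True if `version` falls inside any alternative of `spec`."""
    v = parse_version(version)
    return any(all(_OPS[op](v, bound) for op, bound in alt) for alt in parse_range(spec))


def check_local_expat() -> Tuple[str, bool]:
    """Return (version string, affected?) for the libexpat linked into this
    interpreter. Backported fixes that keep the old version number are not
    detectable this way; check the vendor advisory for those builds."""
    version = ".".join(str(n) for n in expat.version_info)
    return version, is_affected(version, f"<{FIXED_IN}")


if __name__ == "__main__":
    # Constructed sample checks against ranges copied from the page.
    samples = [
        ("libexpat", "2.7.1", "<2.7.2"),
        ("libexpat", "2.7.2", "<2.7.2"),
        ("BIG-IP", "17.1.2", ">=17.5.0<=17.5.1, >=17.1.0<=17.1.3"),
        ("BIG-IP", "17.5.2", ">=17.5.0<=17.5.1, >=17.1.0<=17.1.3"),
        ("BIG-IP", "21.0.0", "=21.0.0"),
    ]
    for product, ver, rng in samples:
        print(f"{product} {ver} in {rng!r}: {'affected' if is_affected(ver, rng) else 'not affected'}")
    local_version, local_affected = check_local_expat()
    print(f"this interpreter's libexpat: {local_version} -> {'AFFECTED' if local_affected else 'fixed'}")
```

Run it as a script to print the sample checks and the verdict for the interpreter's own libexpat; import it to reuse `is_affected` against a software inventory.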

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203