Description

XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1.

PUBLISHED Reserved 2025-08-22 | Published 2025-09-01 | Updated 2025-09-11 | Assigner Fluid Attacks




MEDIUM: 6.9 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-91 XML Injection (aka Blind XPath Injection)

Product status

Default status
unaffected

0.14.2 (custom) before 0.15.1
affected

References

fluidattacks.com/advisories/mono third-party-advisory

github.com/martinblech/xmltodict product

github.com/martinblech/xmltodict/blob/v0.15.1/CHANGELOG.md patch release-notes

github.com/...ommit/f98c90f071228ed73df997807298e1df4f790c33 patch

cve.org (CVE-2025-9375)

nvd.nist.gov (CVE-2025-9375)
