Home > Vulnerability Database > CVE-2018-25082

Mend.io Vulnerability Database

CVE-2018-25082

Good to know:

Date: March 21, 2023

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.

Language: Python

Severity Score

9.8

Related Resources (7)

Url: https://github.com/zwczou/weixin-python/commit/e54abadc777715b6dcb545c13214d1dea63df6c9

Url: https://vuldb.com/?id.223403

Url: https://github.com/zwczou/weixin-python/releases/tag/v0.5.5

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-25082

Url: https://github.com/zwczou/weixin-python/pull/30

Url: https://vuldb.com/?ctiid.223403

Url: https://www.mend.io/vulnerability-database/CVE-2018-25082

Severity Score

9.8

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Top Fix

Upgrade Version

Upgrade to version weixin-python - 0.5.5

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-25082

Good to know:

Date: March 21, 2023

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?