Home > Vulnerability Database > CVE-2025-48882

Mend.io Vulnerability Database

CVE-2025-48882

Good to know:

Date: May 30, 2025

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard "libxml" extension and the "LIBXML_DTDLOAD" flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability.

Severity Score

7.5

Related Resources (5)

Url: https://github.com/PHPOffice/Math

Url: https://github.com/PHPOffice/Math/commit/fc31c8f57a7a81f962cbf389fd89f4d9d06fc99a

Url: https://github.com/PHPOffice/Math/security/advisories/GHSA-42hm-pq2f-3r7m

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-48882

Url: https://www.mend.io/vulnerability-database/CVE-2025-48882

Severity Score

7.5

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference

CWE-611

Top Fix

Upgrade Version

Upgrade to version https://github.com/PHPOffice/Math.git - 0.3.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-48882

Good to know:

Date: May 30, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?