Home > Vulnerability Database > CVE-2025-9375

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2025-9375

Good to know:

Date: September 1, 2025

XML Injection vulnerability in xmltodict allows Input Data Manipulation.This issue affects xmltodict: 0.14.2.

Severity Score

5.3

Related Resources (10)

Url: https://security-tracker.debian.org/tracker/CVE-2025-9375

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-9375

Url: https://github.com/martinblech/xmltodict

Url: https://github.com/martinblech/xmltodict/blob/v0.15.1/CHANGELOG.md

Url: https://github.com/martinblech/xmltodict/issues/377#issuecomment-3255691923

Url: https://fluidattacks.com/advisories/mono

Url: https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.escape

Url: https://github.com/martinblech/xmltodict/commit/f98c90f071228ed73df997807298e1df4f790c33

Url: https://docs.python.org/3/library/xml.sax.utils.html#xml.sax.saxutils.XMLGenerator

Url: https://www.mend.io/vulnerability-database/CVE-2025-9375

Severity Score

5.3

Weakness Type (CWE)

XML Injection (aka Blind XPath Injection)

CWE-91

Top Fix

Upgrade Version

Upgrade to version xmltodict - no_fix;xmltodict - no_fix

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Do you need more information?

Contact Us