Home > Vulnerability Database > WS-2025-0004

Mend.io Vulnerability Database

WS-2025-0004

Good to know:

Date: October 8, 2025

Fix a class of false positives where input should have been rejected with error XML_ERROR_ASYNC_ENTITY; regression from CVE-2024-8176 fix pull request #973 (of Expat 2.7.0 and related backports). Please check the added unit tests for example documents.

Severity Score

7.5

Related Resources (2)

Url: https://seclists.org/oss-sec/2025/q3/194

Url: https://www.mend.io/vulnerability-database/WS-2025-0004

Severity Score

7.5

Top Fix

Upgrade Version

Upgrade to version expat - 2.7.3;https://github.com/libexpat/libexpat.git - R_2_7_3

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2025-0004

Good to know:

Date: October 8, 2025

Severity Score

Related Resources (2)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?