CVE-2026-25210
CVE-2026-25210 is a medium-severity vulnerability in Libexpat Project Libexpat with a CVSS 3.x base score of 6.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-190.
Key facts
- Severity: Medium (CVSS 3.x base score 6.9)
- EPSS exploit prediction: 0% (9th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-5042
- Weakness: CWE-190
- Affected product: Libexpat Project Libexpat
- Published:
- Last modified:
Description
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
Frequently asked questions
- What is CVE-2026-25210?
- In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
- How severe is CVE-2026-25210?
- CVE-2026-25210 has a CVSS 3.x base score of 6.9, rated medium severity. It is exploitable over local access with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability low.
- Is CVE-2026-25210 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (9th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-25210?
- CVE-2026-25210 affects Libexpat Project Libexpat. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-25210?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-25210 have an EU (EUVD) identifier?
- Yes. CVE-2026-25210 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-5042.
- When was CVE-2026-25210 published?
- CVE-2026-25210 was published on 2026-01-30 and last updated on 2026-06-17.
References
- https://github.com/libexpat/libexpat/pull/1075
- https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7
- https://cert-portal.siemens.com/productcert/html/ssa-253495.html
Affected products (1)
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
More vulnerabilities in Libexpat Project Libexpat
- CVE-2024-45492 — Critical (CVSS 9.8): An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for…
- CVE-2024-45491 — Critical (CVSS 9.8): An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts…
- CVE-2022-25315 — Critical (CVSS 9.8): In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
- CVE-2022-25236 — Critical (CVSS 9.8): xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into…
- CVE-2022-25235 — Critical (CVSS 9.8): xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a…
- CVE-2022-23852 — Critical (CVSS 9.8): Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero…
All CVEs affecting Libexpat Project Libexpat →
Other CWE-190 (Integer Overflow or Wraparound) vulnerabilities
- CVE-2026-4689 — Critical (CVSS 10.0): Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was…
- CVE-2026-24814 — Critical (CVSS 10.0): Integer Overflow or Wraparound vulnerability in swoole swoole-src (thirdparty/hiredis modules). This vulnerability is…
- CVE-2025-64721 — Critical (CVSS 10.0): Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions…
- CVE-2015-5108 — Critical (CVSS 10.0): Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC…
- CVE-2015-5097 — Critical (CVSS 10.0): Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC…
- CVE-2013-2555 — Critical (CVSS 10.0): Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before…
Browse all CWE-190 (Integer Overflow or Wraparound) vulnerabilities →