DEBIAN-CVE-2025-59375 — Vulnetix

DEBIAN-CVE-2025-59375 PUBLISHED CVSS 7.5 HIGH

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	expat	2.7.1-2, 2.7.1-2, 0
Debian:11	thunderbird	115.6.0-1, 1:91.0~b1-1, 1:91.0~b5-1
Debian:13	firefox-esr	, , 140.9.0
Debian:13	thunderbird	1:140.4.0esr-1, 1:140.3.1esr-1, 1:140.3.0esr-1~deb13u1
Debian:12	firefox-esr	*, 0, 102.11.0esr-1
Debian:12	expat	2.6.1-2, 0, 2.6.3-2
Debian:13	expat	2.8.0-1, 2.7.5-1, 2.7.4-1
Debian:11	expat	2.6.3-1, 2.4.7-1, 2.7.2-1
Debian:11	firefox-esr	115.12.0esr-1~deb12u1, 115.13.0esr-1, 115.13.0esr-1~deb11u1
Debian:12	thunderbird	, , *
Debian:14	firefox-esr	*, 0, 128.13.0esr-1
Debian:14	thunderbird	1:140.3.0esr-1~deb11u1, 1:140.3.0esr-1, 1:140.2.0esr-1

Timeline

Sep 15, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-59375 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›