CVE-2026-25210

Published Jan 30, 2026

Last updated a month ago

CVSS medium 6.9
AWS

Overview

Description
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
Source
cve@mitre.org
NVD status
Analyzed
Products
libexpat

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-190

Social media

Hype score
Not currently trending

  1. Expat XML parser flaws in Ubuntu 25.10, 22.04 LTS and older allow DoS or possible code execution via crafted XML, impacting xmltok (CVE-2025-59375, CVE-2026-24515, CVE-2026-25210). #Linux https://t.co/GHBz2VW3Sz

    @threatcluster

    11 Feb 2026

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. CVE-2024-31884
  2. libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080
  3. Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.CVE-2026-5709
  4. Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.CVE-2026-5707
  5. Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.CVE-2026-5708

References

Sources include official advisories and independent security research.