Security Advisory

CVE-2025-9375

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-01 16:43:18

Last updated 2026-04-20 21:45:55

Assigner Fluid Attacks

State PUBLISHED

Description

XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1. NOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse() delegates element-name handling to Pythons xml.sax.saxutils.XMLGenerator, and that XMLGenerator should be the component performing validation.

← Browse all CVEs View on cve.org ↗