Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-66382 (GCVE-0-2025-66382)
Vulnerability from cvelistv5 – Published: 2025-11-28 00:00 – Updated: 2025-12-03 16:08
VLAI?
EPSS
Summary
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Severity ?
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| libexpat project | libexpat |
Affected:
0 , ≤ 2.7.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-12-02T02:34:18.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/02/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T16:08:41.228187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T16:08:46.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libexpat",
"vendor": "libexpat project",
"versions": [
{
"lessThanOrEqual": "2.7.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407 Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T06:07:48.705Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/issues/1076"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66382",
"datePublished": "2025-11-28T00:00:00.000Z",
"dateReserved": "2025-11-28T00:00:00.000Z",
"dateUpdated": "2025-12-03T16:08:46.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-66382\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-11-28T07:15:57.900\",\"lastModified\":\"2025-12-19T16:05:03.557\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":2.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.4,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-407\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.7.3\",\"matchCriteriaId\":\"3DBC21F7-1BF6-4758-B502-23128DDE3C88\"}]}]}],\"references\":[{\"url\":\"https://github.com/libexpat/libexpat/issues/1076\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/12/02/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/12/02/1\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-12-02T02:34:18.532Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66382\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-03T16:08:41.228187Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-03T16:08:43.802Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 2.9, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\"}}], \"affected\": [{\"vendor\": \"libexpat project\", \"product\": \"libexpat\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.7.3\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/libexpat/libexpat/issues/1076\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-407\", \"description\": \"CWE-407 Inefficient Algorithmic Complexity\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"2.7.3\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-11-28T06:07:48.705Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-66382\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T16:08:46.903Z\", \"dateReserved\": \"2025-11-28T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-11-28T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-66382
Vulnerability from fkie_nvd - Published: 2025-11-28 07:15 - Updated: 2025-12-19 16:05
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libexpat_project | libexpat | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DBC21F7-1BF6-4758-B502-23128DDE3C88",
"versionEndIncluding": "2.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time."
}
],
"id": "CVE-2025-66382",
"lastModified": "2025-12-19T16:05:03.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-28T07:15:57.900",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/libexpat/libexpat/issues/1076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/12/02/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-407"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
CERTFR-2025-AVI-1064
Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 cups 2.3.3op2-10 | ||
| Microsoft | N/A | cbl2 grub2 2.06-15 | ||
| Microsoft | N/A | cbl2 nodejs18 18.20.3-9 | ||
| Microsoft | N/A | cbl2 fluent-bit versions antérieures à 3.0.6-5 | ||
| Microsoft | N/A | azl3 kernel versions antérieures à 6.6.117.1-1 | ||
| Microsoft | N/A | azl3 kubevirt 1.5.0-5 | ||
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 | ||
| Microsoft | N/A | azl3 nodejs 20.14.0-9 | ||
| Microsoft | N/A | azl3 glib versions antérieures à 2.78.6-5 | ||
| Microsoft | N/A | azl3 grub2 2.06-25 | ||
| Microsoft | N/A | azl3 libxslt 1.1.43-1 | ||
| Microsoft | N/A | azl3 expat 2.6.4-2 | ||
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 | ||
| Microsoft | N/A | cbl2 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | cbl2 libxslt 1.1.34-8 | ||
| Microsoft | N/A | azl3 cups 2.4.13-1 | ||
| Microsoft | N/A | cbl2 haproxy versions antérieures à 2.4.24-2 | ||
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 | ||
| Microsoft | N/A | azl3 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | azl3 haproxy versions antérieures à 2.9.11-4 | ||
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 | ||
| Microsoft | N/A | azl3 fluent-bit 3.1.9-6 | ||
| Microsoft | N/A | azl3 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | azl3 keras 3.3.3-5 | ||
| Microsoft | N/A | cbl2 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | cbl2 glib versions antérieures à 2.71.0-8 | ||
| Microsoft | N/A | cbl2 kubevirt versions antérieures à 0.59.0-31 | ||
| Microsoft | N/A | azl3 libvirt versions antérieures à 10.0.0-6 | ||
| Microsoft | N/A | cbl2 reaper 3.1.1-19 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 cups 2.3.3op2-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 grub2 2.06-15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 nodejs18 18.20.3-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 fluent-bit versions ant\u00e9rieures \u00e0 3.0.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel versions ant\u00e9rieures \u00e0 6.6.117.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kubevirt 1.5.0-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 20.14.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 glib versions ant\u00e9rieures \u00e0 2.78.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 grub2 2.06-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libxslt 1.1.43-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 expat 2.6.4-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libxslt 1.1.34-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cups 2.4.13-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 haproxy versions ant\u00e9rieures \u00e0 2.4.24-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 haproxy versions ant\u00e9rieures \u00e0 2.9.11-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 fluent-bit 3.1.9-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 glib versions ant\u00e9rieures \u00e0 2.71.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubevirt versions ant\u00e9rieures \u00e0 0.59.0-31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libvirt versions ant\u00e9rieures \u00e0 10.0.0-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-13193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13193"
},
{
"name": "CVE-2025-54770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54770"
},
{
"name": "CVE-2025-61915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61915"
},
{
"name": "CVE-2025-61662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-12977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12977"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-61663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61663"
},
{
"name": "CVE-2025-66382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"name": "CVE-2025-12970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12970"
},
{
"name": "CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-38656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38656"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-40210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40210"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-64704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64704"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-64713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64713"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-54771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54771"
},
{
"name": "CVE-2025-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2025-64324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64324"
},
{
"name": "CVE-2025-12969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12969"
},
{
"name": "CVE-2025-11230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11230"
},
{
"name": "CVE-2025-61661",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61661"
},
{
"name": "CVE-2022-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50233"
},
{
"name": "CVE-2025-61664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61664"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1064",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61661",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61661"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13230"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40210"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13227"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61915",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61915"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64720",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64720"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12816",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12816"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64704",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64704"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54770",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54770"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11731",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11731"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66221"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13601"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64713",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64713"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65018",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65018"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66030"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40211"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50233"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61664",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61664"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58436",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13193",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13193"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61662",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61662"
},
{
"published_at": "2025-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-38656",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11230"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54771",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54771"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13226",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13226"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12638",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12638"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12970",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12970"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66031",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66031"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12977",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12977"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61663",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61663"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12969",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12969"
},
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64324"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64506",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64506"
},
{
"published_at": "2025-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10158"
},
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64505",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64505"
}
]
}
CERTFR-2025-AVI-1064
Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 cups 2.3.3op2-10 | ||
| Microsoft | N/A | cbl2 grub2 2.06-15 | ||
| Microsoft | N/A | cbl2 nodejs18 18.20.3-9 | ||
| Microsoft | N/A | cbl2 fluent-bit versions antérieures à 3.0.6-5 | ||
| Microsoft | N/A | azl3 kernel versions antérieures à 6.6.117.1-1 | ||
| Microsoft | N/A | azl3 kubevirt 1.5.0-5 | ||
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 | ||
| Microsoft | N/A | azl3 nodejs 20.14.0-9 | ||
| Microsoft | N/A | azl3 glib versions antérieures à 2.78.6-5 | ||
| Microsoft | N/A | azl3 grub2 2.06-25 | ||
| Microsoft | N/A | azl3 libxslt 1.1.43-1 | ||
| Microsoft | N/A | azl3 expat 2.6.4-2 | ||
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 | ||
| Microsoft | N/A | cbl2 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | cbl2 libxslt 1.1.34-8 | ||
| Microsoft | N/A | azl3 cups 2.4.13-1 | ||
| Microsoft | N/A | cbl2 haproxy versions antérieures à 2.4.24-2 | ||
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 | ||
| Microsoft | N/A | azl3 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | azl3 haproxy versions antérieures à 2.9.11-4 | ||
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 | ||
| Microsoft | N/A | azl3 fluent-bit 3.1.9-6 | ||
| Microsoft | N/A | azl3 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | azl3 keras 3.3.3-5 | ||
| Microsoft | N/A | cbl2 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | cbl2 glib versions antérieures à 2.71.0-8 | ||
| Microsoft | N/A | cbl2 kubevirt versions antérieures à 0.59.0-31 | ||
| Microsoft | N/A | azl3 libvirt versions antérieures à 10.0.0-6 | ||
| Microsoft | N/A | cbl2 reaper 3.1.1-19 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 cups 2.3.3op2-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 grub2 2.06-15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 nodejs18 18.20.3-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 fluent-bit versions ant\u00e9rieures \u00e0 3.0.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel versions ant\u00e9rieures \u00e0 6.6.117.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kubevirt 1.5.0-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 20.14.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 glib versions ant\u00e9rieures \u00e0 2.78.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 grub2 2.06-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libxslt 1.1.43-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 expat 2.6.4-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libxslt 1.1.34-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cups 2.4.13-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 haproxy versions ant\u00e9rieures \u00e0 2.4.24-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 haproxy versions ant\u00e9rieures \u00e0 2.9.11-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 fluent-bit 3.1.9-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 glib versions ant\u00e9rieures \u00e0 2.71.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubevirt versions ant\u00e9rieures \u00e0 0.59.0-31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libvirt versions ant\u00e9rieures \u00e0 10.0.0-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-13193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13193"
},
{
"name": "CVE-2025-54770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54770"
},
{
"name": "CVE-2025-61915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61915"
},
{
"name": "CVE-2025-61662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-12977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12977"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-61663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61663"
},
{
"name": "CVE-2025-66382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"name": "CVE-2025-12970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12970"
},
{
"name": "CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-38656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38656"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-40210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40210"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-64704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64704"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-64713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64713"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-54771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54771"
},
{
"name": "CVE-2025-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2025-64324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64324"
},
{
"name": "CVE-2025-12969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12969"
},
{
"name": "CVE-2025-11230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11230"
},
{
"name": "CVE-2025-61661",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61661"
},
{
"name": "CVE-2022-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50233"
},
{
"name": "CVE-2025-61664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61664"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1064",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61661",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61661"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13230"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40210"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13227"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61915",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61915"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64720",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64720"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12816",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12816"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64704",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64704"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54770",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54770"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11731",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11731"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66221"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13601"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64713",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64713"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65018",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65018"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66030"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40211"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50233"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61664",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61664"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58436",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13193",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13193"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61662",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61662"
},
{
"published_at": "2025-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-38656",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11230"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54771",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54771"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13226",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13226"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12638",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12638"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12970",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12970"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66031",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66031"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12977",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12977"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61663",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61663"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12969",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12969"
},
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64324"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64506",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64506"
},
{
"published_at": "2025-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10158"
},
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64505",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64505"
}
]
}
GHSA-93Q9-CRCW-VWGQ
Vulnerability from github – Published: 2025-11-28 09:30 – Updated: 2025-12-02 03:31
VLAI?
Details
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2025-66382"
],
"database_specific": {
"cwe_ids": [
"CWE-407"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-28T07:15:57Z",
"severity": "LOW"
},
"details": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.",
"id": "GHSA-93q9-crcw-vwgq",
"modified": "2025-12-02T03:31:41Z",
"published": "2025-11-28T09:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382"
},
{
"type": "WEB",
"url": "https://github.com/libexpat/libexpat/issues/1076"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/12/02/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2025-66382
Vulnerability from csaf_microsoft - Published: 2025-11-02 00:00 - Updated: 2025-12-23 01:36Summary
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66382 In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-66382.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.",
"tracking": {
"current_release_date": "2025-12-23T01:36:29.000Z",
"generator": {
"date": "2025-12-23T08:46:56.266Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-66382",
"initial_release_date": "2025-11-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-11-29T01:01:32.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-12-02T01:41:38.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2025-12-21T01:01:17.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2025-12-23T01:36:29.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 expat 2.6.4-2",
"product": {
"name": "azl3 expat 2.6.4-2",
"product_id": "1"
}
},
{
"category": "product_version_range",
"name": "cbl2 expat 2.6.4-2",
"product": {
"name": "cbl2 expat 2.6.4-2",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "expat"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 expat 2.6.4-2 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 expat 2.6.4-2 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66382",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-1",
"17086-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66382 In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-66382.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2025-11-29T01:01:32.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-1"
]
},
{
"category": "none_available",
"date": "2025-11-29T01:01:32.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 2.9,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"17084-1",
"17086-2"
]
}
],
"title": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time."
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…