CVE-2025-59375 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
libexpat_project	libexpat	𝑥 < 2.7.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

expat

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	2.7.5-1 fixed
sid	2.7.5-1 fixed
trixie	vulnerable

firefox

bookworm	ignored
bullseye	ignored
sid	149.0-1 fixed
trixie	no-dsa

firefox-esr

bookworm	vulnerable
bookworm (security)	140.9.0esr-1~deb12u1 fixed
bullseye	vulnerable
bullseye (security)	140.9.0esr-1~deb11u1 fixed
forky	140.9.0esr-1 fixed
sid	140.9.0esr-1 fixed
trixie	vulnerable
trixie (security)	140.9.0esr-1~deb13u1 fixed

thunderbird

bookworm	vulnerable
bookworm (security)	1:140.9.0esr-1~deb12u1 fixed
bullseye	vulnerable
bullseye (security)	1:140.9.0esr-1~deb11u1 fixed
forky	1:140.9.0esr-1 fixed
sid	1:140.9.0esr-1 fixed
trixie	vulnerable
trixie (security)	1:140.9.0esr-1~deb13u1 fixed

Known Exploits!

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Vulnerability Media Exposure

[GERMAN] Mozilla Firefox und Mozilla Thunderbird: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox und Mozilla Thunderbird ausnutzen, um beliebigen Code auszuführen, um einen Denial of Service herbeizuführen, um Informationen offenzulegen, um Sicherheitsmechanismen zu umgehen, um den Benutzer zu täuschen und um nicht näher spezifizierte Auswirkungen zu erzielen.
Published: 2026-03-24T23:00:00+00:00

References

https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74

https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes

https://github.com/libexpat/libexpat/issues/1018

https://github.com/libexpat/libexpat/pull/1034

https://issues.oss-fuzz.com/issues/439133977

http://www.openwall.com/lists/oss-security/2025/09/16/2