AlmaLinux 10 : expat (ALSA-2025:19403)

🗓️ 10 Nov 2025 00:00:00Reported by TenableType

AlmaLinux 10 expat vulnerability allows large memory allocations via a small document (CVE-2025-59375).

Reporter	Title	Published	Views	Family All 499
IBM Security Bulletins	Security Bulletin: AIX/VIOS is affected by multiple vulnerabilities due to Python	19 Nov 202515:04	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in expat affects IBM Netezza Appliance	15 Dec 202512:35	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in expat library (CVE-2025-59375) affects Power HMC.	31 Mar 202615:27	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty and Expat that are shipped with IBM CICS TX Standard.	24 Mar 202613:54	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of libexpat , IBM Sterling Connect:Direct Web Services is affected by large memory allocations issue.	17 Dec 202506:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	27 Feb 202615:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization	9 Feb 202614:45	–	ibm
IBM Security Bulletins	Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP9, v8.5.8 BP2 vulnerabilities CVE-2025-54874 (vulnerable), CVE-2025-59375 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing	3 Jun 202613:57	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities within IBM HTTP Server, affect IBM Tivoli Monitoring.	8 Jun 202616:44	–	ibm
IBM Security Bulletins	Security Bulletin: EDB PGAI Hybrid Management with IBM is affected by Multiple Vulnerabilities.	7 Apr 202613:52	–	ibm

Source	Link
errata	www.errata.almalinux.org/10/ALSA-2025-19403.html
access	www.access.redhat.com/errata/RHSA-2025:19403
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2025:19403.
##

include('compat.inc');

if (description)
{
  script_id(274623);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/10");

  script_cve_id("CVE-2025-59375");
  script_xref(name:"ALSA", value:"2025:19403");
  script_xref(name:"RHSA", value:"2025:19403");

  script_name(english:"AlmaLinux 10 : expat (ALSA-2025:19403)");

  script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the
ALSA-2025:19403 advisory.

    * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small
    document that is submitted for parsing (CVE-2025-59375)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/10/ALSA-2025-19403.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2025:19403");
  script_set_attribute(attribute:"solution", value:
"Update the affected expat and / or expat-devel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-59375");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(770);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/09/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:expat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:expat-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:10::appstream");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:10::baseos");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:10::highavailability");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:10::nfv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:10::powertools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:10::realtime");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:10::resilientstorage");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:10::sap");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:10::sap_hana");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:10::supplementary");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alma Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'AlmaLinux' >!< os_product) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
if (! preg(pattern:"^10([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'AlmaLinux 10.x', 'AlmaLinux ' + os_version);

if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);

var constraints = [
  {
    'release': '10',
    'pkgs': [
      {'reference':'expat-2.7.1-1.el10_0.3', 'cpu':'aarch64', 'el_string':'el10_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'expat-2.7.1-1.el10_0.3', 'cpu':'ppc64le', 'el_string':'el10_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'expat-2.7.1-1.el10_0.3', 'cpu':'s390x', 'el_string':'el10_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'expat-2.7.1-1.el10_0.3', 'cpu':'x86_64', 'el_string':'el10_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'expat-2.7.1-1.el10_0.3', 'cpu':'x86_64_v2', 'el_string':'el10_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'expat-devel-2.7.1-1.el10_0.3', 'cpu':'aarch64', 'el_string':'el10_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'expat-devel-2.7.1-1.el10_0.3', 'cpu':'ppc64le', 'el_string':'el10_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'expat-devel-2.7.1-1.el10_0.3', 'cpu':'s390x', 'el_string':'el10_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'expat-devel-2.7.1-1.el10_0.3', 'cpu':'x86_64', 'el_string':'el10_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'expat-devel-2.7.1-1.el10_0.3', 'cpu':'x86_64_v2', 'el_string':'el10_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'expat / expat-devel');
}

10 Nov 2025 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.17.5

EPSS0.00102

SSVC