Lucene search
+L

4 matches found

cvelist
cvelist
added 2025/05/30 7:43 p.m.31 views

CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

8.7CVSS0.00417EPSS
Exploits0References2
cve
cve
added 2025/05/30 7:43 p.m.208 views

CVE-2025-48882

PHPOffice Math prior to 0.3.0 is vulnerable to XML External Entity (XXE) injection when loading XML data with LIBXML_DTDLOAD (e.g., MathML parsing). The vulnerability allows an attacker to read local files or cause denial of service via crafted XML; the issue is fixed in 0.3.0. Remediation: upgra...

8.7CVSS6.9AI score0.00417EPSS
Exploits0References2
osv
osv
added 2025/05/30 7:43 p.m.7 views

CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...

8.7CVSS6.6AI score0.00417EPSS
Exploits0References4
circl
circl
added 2025/05/29 8:11 a.m.22 views

CVE-2025-48882

creationtimestamp| type| source ---|---|--- 2025-05-29 08:11:39+00:00| published-proof-of-concept| https://github.com/PHPOffice/Math/security/advisories/GHSA-42hm-pq2f-3r7m 2025-05-30 20:15:02+00:00| seen|...

8.7CVSS5.7AI score0.00417EPSS
Exploits0References3
Rows per page
Query Builder