4 matches found
CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
CVE-2025-48882
PHPOffice Math prior to 0.3.0 is vulnerable to XML External Entity (XXE) injection when loading XML data with LIBXML_DTDLOAD (e.g., MathML parsing). The vulnerability allows an attacker to read local files or cause denial of service via crafted XML; the issue is fixed in 0.3.0. Remediation: upgra...
CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
CVE-2025-48882
creationtimestamp| type| source ---|---|--- 2025-05-29 08:11:39+00:00| published-proof-of-concept| https://github.com/PHPOffice/Math/security/advisories/GHSA-42hm-pq2f-3r7m 2025-05-30 20:15:02+00:00| seen|...