CVE-2018-25082

MEDIUM

zwczou WeChat SDK Python <0.5.5 - XML External Entity Reference

Title source: llm

Description

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.

References (5)

Core 5

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.223403

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.223403

Patch, Third Party Advisory issue-tracking

https://github.com/zwczou/weixin-python/pull/30

Patch patch

https://github.com/zwczou/weixin-python/commit/e54abadc777715b6dcb545c13214d1dea63df6c9

View Patch ZIP pw:eip

Release Notes patch

https://github.com/zwczou/weixin-python/releases/tag/v0.5.5

Scores

CVSS v3 6.3

EPSS 0.0077

EPSS Percentile 50.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-611

Status published

Products (2)

pypi/weixin-python 0 - 0.5.5PyPI

wechat_sdk_python_project/wechat_sdk_python < 0.5.5

Published Mar 21, 2023

Tracked Since Feb 18, 2026