CVE-2022-25236

CRITICAL

Libexpat < 2.4.5 - Exposure to Wrong Actor

Title source: rule
STIX 2.1

Description

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Exploits (1)

nomisec WRITEUP
by Satheesh575555 · poc
https://github.com/Satheesh575555/external_expat_AOSP10_r33_CVE-2022-25236

References (11)

Core 11
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/libexpat/libexpat/pull/561
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/02/19/1
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2022/dsa-5085
Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220303-0008/
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202209-24

Scores

CVSS v3 9.8
EPSS 0.0738
EPSS Percentile 91.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-668
Status published
Products (7)
debian/debian_linux 10.0
debian/debian_linux 11.0
libexpat_project/libexpat < 2.4.5
oracle/http_server 12.2.1.3.0
oracle/http_server 12.2.1.4.0
oracle/zfs_storage_appliance_kit 8.8
siemens/sinema_remote_connect_server < 3.1
Published Feb 16, 2022
Tracked Since Feb 18, 2026