CVE-2025-68463

MEDIUM

Biopython < 1.86 - XML External Entity Injection in Bio.Entrez

Title source: llm

Bio.Entrez in Biopython through 186 allows doctype XXE.

Core 5

Core References

Issue Tracking

Mailing List

CVSS v3 4.9

EPSS 0.0029

EPSS Percentile 20.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-611

Status published

Products (2)

Biopython/Biopython < 186

pypi/biopython 0 - 1.86PyPI

Published Dec 18, 2025

Tracked Since Feb 18, 2026