QwikSec

Security Database

CVE

CWE

Training

CVE-2025-12084

Published: Dec 3, 2025

Modified: Mar 3, 2026

PUBLISHED

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Vendor	Product	Versions
Python Software Foundation	CPython	affected `0 - < 3.10.20` affected `3.11.0 - < 3.11.15` affected `3.12.0 - < 3.12.13` affected `3.13.0 - < 3.13.11` affected `3.14.0 - < 3.14.2` +1 more versions

References

https://github.com/python/cpython/pull/142146

patch

https://github.com/python/cpython/issues/142145

issue-tracking

https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4

patch

https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0

patch

https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964

patch

https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437

patch

https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907

patch

https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d

patch

https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8

patch

https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af

patch

https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273

patch

https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53

patch

https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8

patch

https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.