QwikSec

Security Database

CVE

CWE

Training

CVE-2025-9375

Published: Sep 1, 2025

Modified: Apr 20, 2026

PUBLISHED

Description

XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1. NOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse() delegates element-name handling to Python's xml.sax.saxutils.XMLGenerator, and that XMLGenerator should be the component performing validation.

Vendor	Product	Versions
xmltodict	xmltodict	affected `0.14.2 - < 0.15.1`

Weaknesses (CWE)

References

https://fluidattacks.com/advisories/mono

third-party-advisory

https://github.com/martinblech/xmltodict

product

https://github.com/martinblech/xmltodict/blob/v0.15.1/CHANGELOG.md

patch

release-notes

https://github.com/martinblech/xmltodict/commit/f98c90f071228ed73df997807298e1df4f790c33

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.