A subtle but consequential performance flaw in CPython’s xml.dom.minidom has been assigned CVE‑2025‑12084 after maintainers confirmed a quadratic‑time behavior in the node ID cache clearing routine that can be triggered when constructing deeply nested XML documents; the defect has been fixed...
