CVE-2025-66382 is a denial-of-service vulnerability in the Expat XML parser (libexpat) affecting versions up through Expat 2.7.3. A specially crafted XML file of approximately 2 MB can cause prolonged CPU usage lasting dozens of seconds, leading to an algorithmic-complexity DoS condition. This impacts any application that parses untrusted XML using the vulnerable library. Discussions on WindowsForum.com cover the technical details of the flaw, its potential impact on Windows and other systems that embed Expat, and mitigation strategies such as updating to a patched version. The tag aggregates threads and posts related to this specific CVE, including analysis, workarounds, and security advisories.
-
A recently disclosed weakness in the Expat XML parser (libexpat) — tracked as CVE-2025-66382 — can be triggered by a specially crafted XML file of roughly 2 MiB and causes dozens of seconds of CPU time in vulnerable library versions up through Expat 2.7.3, creating an algorithmic-complexity...