CVE-2025-12084
MEDIUM severity · CVSS 5.3 · CWE-407
5.3CVSS MEDIUM
Summary
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactNone
Integrity impactNone
Availability impactLow
Exploit probability (EPSS)0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0 ↗
Additional information
- NVD record
- https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0Patch
- https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4Patch
- https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437
- https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af
- https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273
- https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907
- https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d
- https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8