CVE-2025-6985
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-08
Assigner: huntr.dev
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lxml | lxml | 5.0 |
| langchain | langchain-text-splitters | 0.3.8 |
| lxml | lxml | 4.9 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the HTMLSectionSplitter class of langchain-text-splitters version 0.3.8, which uses unsafe XSLT parsing. It allows attackers to carry out XML External Entity (XXE) attacks by supplying arbitrary XSLT stylesheets, which are parsed without security hardening. Because certain lxml versions resolve external entities by default, attackers can read arbitrary local files or perform outbound HTTP(S) requests. Essentially, attackers can remotely read any file accessible to the LangChain process without authentication or special privileges.
How can this vulnerability impact me?
The vulnerability can impact you by allowing remote attackers to gain unauthorized read-only access to any file that the LangChain process can access. This includes sensitive files such as SSH keys, environment configuration files, source code, or cloud metadata. Since no authentication or user interaction is required, attackers can exploit this in default deployments that enable custom XSLT, potentially leading to information disclosure and security breaches.
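A defensive pre-check for the custom XSLT input described above, added here as an example and not taken from LangChain, lxml or this advisory: it rejects stylesheets that carry a DOCTYPE, entity declarations, or references to other documents before they reach an XSLT engine. The function name `stylesheet_findings` and all sample stylesheets are assumptions constructed for illustration.

```python
import xml.parsers.expat as expat

XSL_NS = "http://www.w3.org/1999/XSL/Transform"

# Constructed samples (not from the advisory); the entity target is a placeholder.
CONSTRUCTED_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE xsl:stylesheet [<!ENTITY e SYSTEM "file:///PLACEHOLDER">]>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><out>&e;</out></xsl:template>
</xsl:stylesheet>"""
CONSTRUCTED_INCLUDE = b"""<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:include href="http://example.invalid/x.xsl"/>
</xsl:stylesheet>"""
CONSTRUCTED_CLEAN = b"""<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="h1"><h1><xsl:value-of select="."/></h1></xsl:template>
</xsl:stylesheet>"""

def stylesheet_findings(xslt_bytes):
    """Return a list of reasons to reject an untrusted XSLT stylesheet."""
    findings = []
    # No ExternalEntityRefHandler is installed, so expat never fetches anything.
    parser = expat.ParserCreate(namespace_separator=" ")

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append("DOCTYPE declaration")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if system_id or public_id else "internal"
        findings.append(f"{kind} entity declaration: {name}")

    def on_start(name, attrs):
        ns, _, local = name.rpartition(" ")
        if ns == XSL_NS and local in ("import", "include"):
            findings.append(f"xsl:{local} href={attrs.get('href')!r}")
        if any("document(" in value for value in attrs.values()):
            findings.append(f"document() call in <{local}>")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_start
    try:
        parser.Parse(xslt_bytes, True)
    except expat.ExpatError as exc:
        findings.append(f"not well-formed: {exc}")
    return findings
```

A non-empty result means the stylesheet should be refused. The gate complements, rather than replaces, parsing the stylesheet with an lxml `XMLParser` created with `resolve_entities=False` and `no_network=True`.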