CVE-2025-12084
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-16
Assigner: Python Software Foundation
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| python | python | From 3.13.1 (inc) to 3.13.11 (inc) |
| python | python | 3.15.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-407 | An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the xml.dom.minidom module when building nested XML elements using methods like appendChild(). The underlying algorithm depends on _clear_id_cache() and has a quadratic time complexity, which means that as the nesting depth increases, the processing time grows significantly. This can lead to performance degradation and impact availability when excessively nested XML documents are constructed.
How can this vulnerability impact me?
The vulnerability can impact availability by causing significant performance issues when processing or building XML documents with deep nesting. This may lead to slowdowns or denial of service conditions in applications relying on xml.dom.minidom for XML manipulation.
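One way to keep the cost bounded on the defender's side, as an added example that is not code from the advisory or from CPython: build the DOM through appendChild() with an explicit depth counter and refuse input that nests too deeply. The (tag, children) tuple input format, the MAX_DEPTH value and the names build_dom, nested and NestingTooDeep are assumptions made for this illustration.

```python
from xml.dom import minidom

MAX_DEPTH = 100  # assumed policy limit; the advisory gives no threshold


class NestingTooDeep(ValueError):
    """Raised before the DOM grows past the allowed depth."""


def build_dom(tree, max_depth=MAX_DEPTH):
    """Build a minidom Document from hypothetical (tag, children) tuples.

    Depth is tracked explicitly, so untrusted input cannot push
    appendChild() into the deep nesting where its cost grows quadratically.
    """
    doc = minidom.Document()
    # Explicit work stack (parent node, spec, depth): no Python recursion.
    stack = [(doc, tree, 1)]
    while stack:
        parent, (tag, children), depth = stack.pop()
        if depth > max_depth:
            raise NestingTooDeep(
                f"element depth {depth} exceeds limit {max_depth}")
        elem = doc.createElement(tag)
        parent.appendChild(elem)
        # Push in reverse so siblings are appended in document order.
        for child in reversed(children):
            stack.append((elem, child, depth + 1))
    return doc


def nested(depth):
    """Constructed sample input: one chain of `depth` nested elements."""
    spec = ("leaf", [])
    for _ in range(depth - 1):
        spec = ("node", [spec])
    return spec


if __name__ == "__main__":
    print(build_dom(("root", [("a", []), ("b", [("c", [])])])).toxml())
    try:
        build_dom(nested(MAX_DEPTH + 1))
    except NestingTooDeep as exc:
        print("rejected:", exc)
```

The limit caps the work done per appendChild() call regardless of the Python version in use; it complements upgrading to a fixed release and does not replace it.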