exploitDog

CVE-2025-68463

Published: 18 Dec 2025
Source: redhat
CVSS3: 7.1
EPSS: Low

Description

Bio.Entrez in Biopython through 186 allows doctype XXE.

A flaw was found in python-biopython. The Bio.Entrez module is vulnerable to an XML External Entity (XXE) attack when processing untrusted XML data. A remote attacker could exploit this vulnerability to disclose sensitive information from the system or potentially cause a denial of service (DoS) by consuming system resources.

Report

This vulnerability is rated Moderate because the Bio.Entrez module in python-biopython is susceptible to XML External Entity (XXE) attacks when processing untrusted XML data. This could lead to information disclosure or denial of service. This affects python-biopython as shipped in Fedora 42 and Fedora 43.

Additional information

Status: Moderate
Defect: CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=2423501 python-biopython: python-biopython: Information disclosure via XML External Entity (XXE) vulnerability in Bio.Entrez

EPSS

Score: 0.00051
Percentile: 16%
Rating: Low

CVSS3

7.1 High

Related vulnerabilities

CVSS3: 4.9
ubuntu
4 months ago

Bio.Entrez in Biopython through 186 allows doctype XXE.

CVSS3: 4.9
nvd
4 months ago

Bio.Entrez in Biopython through 186 allows doctype XXE.

CVSS3: 4.9
debian
4 months ago

Bio.Entrez in Biopython through 186 allows doctype XXE.

CVSS3: 4.9
github
4 months ago

Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez
