CVE-2025-12084

MEDIUM EPSS 48.3%
Published Dec 3, 2025 (7mo ago) · Modified Jun 17, 2026 (2w ago)
6.3 CVSS 4.0

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

CVSS Details

Base Score 6.3
Exploitability
Impact
Vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
48.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-407

Affected Products 4

Vendor   Product   Version   Range
python   python    *         <3.13.11
python   python    *         ≥3.14.0 – <3.14.2
python   python    3.15.0    any
python   python    3.15.0    any

References 14

  • github.com https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0
    Patch
  • github.com https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4
    Patch
  • github.com https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437
  • github.com https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af
  • github.com https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273
  • github.com https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907
  • github.com https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d
  • github.com https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8
  • github.com https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8
  • github.com https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0
  • github.com https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964
    Patch
  • github.com https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53
  • github.com https://github.com/python/cpython/issues/142145
    Issue Tracking, Patch
  • github.com https://github.com/python/cpython/pull/142146
    Issue Tracking, Patch

Remediation

  • github.com https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0
    Patch
  • github.com https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4
    Patch
  • github.com https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964
    Patch
  • github.com https://github.com/python/cpython/issues/142145
    Issue Tracking, Patch
  • github.com https://github.com/python/cpython/pull/142146
    Issue Tracking, Patch