Description

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml` extension and the `LIBXML_DTDLOAD` flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability.

INFO

Published Date :

2025-05-30T19:43:35.441Z

Last Modified :

2025-05-30T20:46:17.339Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-48882 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48882.

URL Resource
https://github.com/PHPOffice/Math/commit/fc31c8f57a7a81f962cbf389fd89f4d9d06fc99a cve-icon cve-icon
https://github.com/PHPOffice/Math/security/advisories/GHSA-42hm-pq2f-3r7m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability