CVE-2025-48882 – PHPOffice Math XML External Entity (XXE) Vulnerability

May 30, 2025

CVE ID : CVE-2025-48882

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml` extension and the `LIBXML_DTDLOAD` flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48946 – Liboqs HQC Algorithmic Design Flaw Vulnerability

Next Article CVE-2025-48874 – Apache HTTP Server Insecure Deserialization

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

I took a walk with Meta’s new Oakley smart glasses – they beat my Ray-Bans in every way

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Top 7 Computer Performance Test Tools Online (Free & Fast)

Top 7 Computer Performance Test Tools Online (Free & Fast)

10 Best Windows 11 Encryption Software

Google Chrome Is Testing Dynamic Country Detection for Region-Specific Features

CVE-2025-48882 – PHPOffice Math XML External Entity (XXE) Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-4799 – WordPress WP-DownloadManager Remote File Deletion Vulnerability

This month in security with Tony Anscombe – March 2025 edition

CVE-2025-4318 (CVSS 9.5): AWS Amplify RCE Flaw Exposed with PoC – CI/CD Pipelines at Risk

CVE-2025-5646 – “Radare2 Rainbow Free Memory Corruption Vulnerability”

CVE-2025-49212 – Trend Micro Endpoint Encryption PolicyServer Deserialization Remote Code Execution Vulnerability

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

Salesforce AI Research Introduces New Benchmarks, Guardrails, and Model Architectures to Advance Trustworthy and Capable AI Agents

CVE-2024-27779 – FortiSandbox FortiIsolator Insufficient Session Expiration Vulnerability

CVE-2025-48882 – PHPOffice Math XML External Entity (XXE) Vulnerability

Related Posts