Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 503
Alerts This Week
Warning Icon 1 503

Ubuntu 25.10 Expat Critical DoS Issues USN-8022-1 CVE-2025-59375

ubuntu
Calendar Grey February 11, 2026
Dist Ubuntu Esm H88
Critical security advisory for Ubuntu addressing multiple issues in Expat, requiring immediate attention to prevent Denial of Service.
Several security issues were fixed in Expat.

Summary

Several security issues were fixed in Expat.

Software Description:

- expat: XML parsing C library

Details:

It was discovered that Expat incorrectly handled memory when parsing certain

XML files. An attacker could possibly use this issue to cause a denial of

service. This issue was only addressed in Ubuntu 25.10. (CVE-2025-59375)

It was discovered that Expat incorrectly handled the initialization of parsers

for external entities. An attacker could possibly use this issue to cause a

denial of service. (CVE-2026-24515)

It was discovered that Expat incorrectly handled integer calculations when

allocating memory for XML tags. An attacker could possibly use this issue to

cause a denial of service or execute arbitrary code. (CVE-2026-25210)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  expat                           2.7.1-2ubuntu0.2
  libexpat1                       2.7.1-2ubuntu0.2

Ubuntu 22.04 LTS
  expat                           2.4.7-1ubuntu0.7
  libexpat1                       2.4.7-1ubuntu0.7

Ubuntu 20.04 LTS
  expat                           2.2.9-1ubuntu0.8+esm1
                                  Available with Ubuntu Pro
  libexpat1                       2.2.9-1ubuntu0.8+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  expat                           2.2.5-3ubuntu0.9+esm3
                                  Available with Ubuntu Pro
  libexpat1                       2.2.5-3ubuntu0.9+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  expat                           2.1.0-7ubuntu0.16.04.5+esm11
                                  Available with Ubuntu Pro
  lib64expat1                     2.1.0-7ubuntu0.16.04.5+esm11
                                  Available with Ubuntu Pro
  libexpat1                       2.1.0-7ubuntu0.16.04.5+esm11
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  expat                           2.1.0-4ubuntu1.4+esm11
                                  Available with Ubuntu Pro
  lib64expat1                     2.1.0-4ubuntu1.4+esm11
                                  Available with Ubuntu Pro
  libexpat1                       2.1.0-4ubuntu1.4+esm11
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8022-1

CVE-2025-59375, CVE-2026-24515, CVE-2026-25210

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8022-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.