CVE-2025-66372

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-66372

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66372.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-66372

Aliases

GHSA-x832-fpvj-r5ph

Published

2025-11-28T04:16:01.470Z

Modified

2025-12-03T02:18:51.992211Z

Severity

2.8 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Mustang before 2.16.3 allows exfiltrating files via XXE attacks.

References

Affected packages

Git / github.com/zugferd/mustangproject

Affected ranges

Type: GIT
Repo: https://github.com/zugferd/mustangproject
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c3332c3329748534a6ee8d2aed174bd1da62d9b4

Affected versions

1.*

1.3.1

1.4.0

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.1.1

core-1.*

core-1.9.0-alpha1

core-1.9.0-alpha2

core-1.9.0-alpha3

core-2.*

core-2.0.0-alpha3

core-2.0.1

core-2.0.2

core-2.0.3

core-2.1.0

core-2.1.1

core-2.10.0

core-2.11.0

core-2.12.0

core-2.13.0

core-2.14.0

core-2.14.1

core-2.14.2

core-2.15.0

core-2.15.1

core-2.15.2

core-2.16.0

core-2.16.1

core-2.16.2

core-2.2.0

core-2.2.1

core-2.3.0

core-2.3.1

core-2.3.2

core-2.3.3

core-2.4.0

core-2.5.0

core-2.5.1

core-2.5.2

core-2.5.3

core-2.5.4

core-2.5.5

core-2.5.6

core-2.5.7

core-2.6.0

core-2.6.1

core-2.6.2

core-2.7.0

core-2.7.1

core-2.7.2

core-2.7.3

core-2.8.0

core-2.9.0

mustang-1.*

mustang-1.4.0

mustang-1.5.0

mustang-1.5.1

mustang-1.5.3

mustang-1.5.4

mustang-1.5.5

mustang-1.6.0

mustang-1.7.0

mustang-1.7.1

mustang-1.7.2

mustang-1.7.3

mustang-1.7.4

mustang-1.7.5

mustang-1.7.6

mustang-2.*

mustang-2.0.0-alpha1

v1.*

v1.0.0

v1.4.0

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v2.*

v2.1.0