CVE-2023-52425
CVE Details
Visit the official vulnerability details page for CVE-2023-52425 to learn more.
Initial Publication
01/20/2025
Last Update
09/02/2025
Third Party Dependency
libexpat1
NIST CVE Summary
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
CVE Severity
Our Official Summary
This is a high-severity vulnerability affecting libexpat, a widely used C library for parsing XML. The issue exists in versions up to 2.5.0 and was addressed in version 2.6.0. It arises from inefficient handling of large tokens that require multiple buffer fills during XML parsing: the parser reparses the accumulated input on each fill, which can lead to excessive reparsing, uncontrolled resource consumption and a potential denial-of-service (DoS) condition.
Risk of exploitation is low for our products, as an attacker has to gain privileged access to the container and run code on the container to be able to exploit this. Probability of exploitation is very low. If a fix becomes available upstream, it will be adopted to fix this vulnerability.
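To turn the version boundary stated above (affected through 2.5.0, fixed in 2.6.0) into something that can be run inside an image or container, the following added example (not Spectro Cloud's tooling and not part of this advisory) parses package versions from a constructed `dpkg-query` listing and also reports the libexpat that the running Python interpreter is linked against. The sample listing, the `libexpat*` package-name pattern and the helper names are assumptions for the example; the version threshold comes from the advisory text.

```python
"""Check whether a libexpat build falls in the upstream range affected by CVE-2023-52425.

Added example, not the vendor's own tooling. It compares upstream versions against
the first fixed release (2.6.0) named in the advisory and scans output shaped like
    dpkg-query -W -f='${Package}\t${Version}\n' 'libexpat*'
for libexpat packages.
"""
import re
import xml.parsers.expat

FIXED_UPSTREAM = (2, 6, 0)  # first upstream release carrying the fix (per the advisory)


def upstream_version(debian_version: str) -> tuple:
    """Strip epoch and Debian revision, e.g. '1:2.5.0-1+deb12u1' -> (2, 5, 0)."""
    v = debian_version.split(":", 1)[-1]   # drop epoch if present
    v = v.split("-", 1)[0]                 # drop the Debian revision suffix
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unparseable version: {debian_version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_upstream(version: str) -> bool:
    """True when the upstream version is below 2.6.0, i.e. in the affected range."""
    return upstream_version(version) < FIXED_UPSTREAM


def scan_dpkg_listing(listing: str) -> dict:
    """Return {package: (version, in_affected_range)} for libexpat packages.

    Caveat: distributions frequently backport security fixes without bumping the
    upstream version number, so a hit here means "confirm against the package
    changelog or the distro security tracker", not a confirmed vulnerability.
    """
    results = {}
    for line in listing.splitlines():
        if not line.strip():
            continue
        pkg, ver = line.split("\t", 1)
        if pkg.startswith("libexpat"):
            results[pkg] = (ver, is_affected_upstream(ver))
    return results


def runtime_expat_affected() -> bool:
    """Check the libexpat this Python process is actually linked against."""
    return tuple(xml.parsers.expat.version_info) < FIXED_UPSTREAM


# Constructed sample, as if captured from a container (not real inventory data).
SAMPLE_LISTING = "libexpat1\t2.5.0-1\nlibexpat1-dev\t2.5.0-1\n"

if __name__ == "__main__":
    for pkg, (ver, hit) in scan_dpkg_listing(SAMPLE_LISTING).items():
        state = "upstream range affected, verify changelog" if hit else "fixed upstream"
        print(f"{pkg} {ver}: {state}")
    print("runtime expat", xml.parsers.expat.EXPAT_VERSION,
          "in affected range" if runtime_expat_affected() else "fixed range")
```

Because the advisory's own mitigation is adopting the upstream fix, the useful output of this check is a list of images whose `libexpat1` still reports an upstream version below 2.6.0; each hit should then be confirmed against the distribution's changelog, since a backported fix keeps the 2.5.0 number.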
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.5.22 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
05/29/2025 | Status changed from Open to Ongoing |
05/29/2025 | Official summary added |