What is CVE-2025-66578?

CVE-2025-66578 is a medium-severity vulnerability in Robrichards Xmlseclibs, classified under CWE-248. CVSS score: 6.0/10. Published 2025-12-09.

How severe is CVE-2025-66578?

Medium severity. CVSS v3 base score is 6.0 out of 10.

Vulnerability in Robrichards Xmlseclibs

CVE-2025-66578

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When…

EPSS: 0.000 (9.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.0 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L.

Affected products

Robrichards Xmlseclibs — versions < 3.1.4

Weakness classification (CWE)

CWE-248

References

https://github.com/robrichards/xmlseclibs/security/advisories/GHSA-c4cc-x928-vjw9 (x_refsource_CONFIRM)
https://github.com/robrichards/xmlseclibs/commit/69fd63080bc47a8d51bc101c30b7cb756862d1d6 (x_refsource_MISC)
https://github.com/robrichards/xmlseclibs/blob/f4131320c6dcd460f1b0c67f16f8bf24ce4b5c3e/src/XMLSecurityDSig.php#L296 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-66578?: CVE-2025-66578 is a medium-severity vulnerability in Robrichards Xmlseclibs, classified under CWE-248. CVSS score: 6.0/10. Published 2025-12-09.
How severe is CVE-2025-66578?: Medium severity. CVSS v3 base score is 6.0 out of 10.