CVE-2025-66372: Mustangproject allows exfiltrating files via XXE attacks
Mustang before 2.16.3 allows exfiltrating files via XXE attacks.
References
- github.com/ZUGFeRD/mustangproject
- github.com/ZUGFeRD/mustangproject/commit/6461dad8d3d7876547155dacbd28b458f1eb2e0b
- github.com/ZUGFeRD/mustangproject/issues/685
- github.com/ZUGFeRD/mustangproject/pull/725
- github.com/ZUGFeRD/mustangproject/releases/tag/core-2.16.3
- github.com/advisories/GHSA-x832-fpvj-r5ph
- nvd.nist.gov/vuln/detail/CVE-2025-66372