SUSE-SU-2025:03537-1

UNKNOWN

Security update for expat

Published Oct 10, 2025

Modified 4 months ago

Fix available

Details

This update for expat fixes the following issues:

CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584).

Affected Packages

expat

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Micro 5.1SUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

2.7.1-150000.3.39.1

libexpat-devel

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Server 15 SP3-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP3

Fixed in:

2.7.1-150000.3.39.1

libexpat1

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Micro 5.1SUSE Linux Enterprise Micro 5.2SUSE Linux Enterprise Server 15 SP3-LTSS

Fixed in:

2.7.1-150000.3.39.1

libexpat1-32bit

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3-LTSSSUSE Linux Enterprise Server 15 SP3-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP3

Fixed in:

2.7.1-150000.3.39.1

References

REPORT

https://bugzilla.suse.com/1249584

WEB

https://www.suse.com/security/cve/CVE-2025-59375

ADVISORY

https://www.suse.com/support/update/announcement/2025/suse-su-202503537-1/

Upstream

CVE-2025-59375

Ecosystems(6)

SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Server 15 SP3-LTSS

Timeline

PublishedOct 10, 2025

ModifiedOct 10, 2025

SUSE-SU-2025:03537-1 | Mondoo Vulnerability Intelligence