How to fix CVE-2025-12084?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Ubuntu affected by CVE-2025-12084?

CVE-2025-12084 presents moderate security risk rated CVSS 5.3. Exploitation could compromise the security of affected deployments. A patch is available and should be applied during regular vulnerability management.

CVE-2025-12084

EUVD-2025-201088 MEDIUM

2025-12-03 [email protected]

5.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-201088

Patch Released

Mar 15, 2026 - 16:14 nvd

Patch available

CVE Published

Dec 03, 2025 - 19:15 nvd

MEDIUM 5.3

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Analysis

CVE-2025-12084 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Technical Context

Vulnerability type not specified by vendor.

Affected Products

['Unspecified product']

Remediation

Apply the vendor-supplied patch immediately.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +26

POC: 0

Vendor Status

Ubuntu

Priority: Medium

jython

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
questing	needs-triage	-
upstream	needs-triage	-
plucky	ignored	end of life, was needs-triage

pypy3

Release	Status	Version
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
questing	needs-triage	-
upstream	needs-triage	-
plucky	ignored	end of life, was needs-triage

python2.7

Release	Status	Version
trusty	needs-triage	-
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-

python3.4

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
trusty	released	3.4.3-1ubuntu1~14.04.7+esm19

python3.5

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
trusty	released	3.5.2-2ubuntu0~16.04.4~14.04.1+esm9
xenial	released	3.5.2-2ubuntu0~16.04.13+esm21

python3.6

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
bionic	released	3.6.9-1~18.04ubuntu1.13+esm8

python3.7

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
bionic	released	3.7.5-2ubuntu1~18.04.2+esm9

python3.8

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
bionic	released	3.8.0-3ubuntu1~18.04.2+esm9
focal	released	3.8.10-0ubuntu1~20.04.18+esm5

python3.9

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
focal	released	3.9.5-3ubuntu0~20.04.1+esm9

python3.10

Release	Status	Version
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
jammy	released	3.10.12-1~22.04.14

python3.11

Release	Status	Version
noble	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
jammy	released	3.11.0~rc1-1~22.04.1~esm8

python3.12

Release	Status	Version
jammy	DNE	-
plucky	DNE	-
questing	DNE	-
upstream	needs-triage	-
noble	released	3.12.3-1ubuntu0.11

python3.13

Release	Status	Version
jammy	DNE	-
noble	DNE	-
upstream	released	3.13.11-1
plucky	ignored	end of life, was needs-triage
questing	released	3.13.7-1ubuntu0.3

python3.14

Release	Status	Version
jammy	DNE	-
noble	DNE	-
plucky	DNE	-
upstream	released	3.14.2-1
questing	released	3.14.0-1ubuntu0.2

USN-8018-1

Debian

Bug #1126785

jython

Release	Status	Fixed Version	Urgency
bullseye	fixed	(unfixed)	end-of-life
forky, sid, bookworm, trixie	vulnerable	2.7.3+repack1-1	-
(unstable)	fixed	(unfixed)	-

pypy3

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	7.3.5+dfsg-2+deb11u2	-
bullseye (security)	vulnerable	7.3.5+dfsg-2+deb11u5	-
bookworm	vulnerable	7.3.11+dfsg-2+deb12u3	-
trixie	vulnerable	7.3.19+dfsg-2	-
forky, sid	vulnerable	7.3.20+dfsg-4	-
(unstable)	fixed	(unfixed)	-

python2.7

Release	Status	Fixed Version	Urgency
bullseye	fixed	(unfixed)	end-of-life
(unstable)	fixed	(unfixed)	-

python3.11

Release	Status	Fixed Version	Urgency
bookworm	vulnerable	3.11.2-6+deb12u6	-
bookworm (security)	vulnerable	3.11.2-6+deb12u3	-
(unstable)	fixed	(unfixed)	-

python3.13

Release	Status	Fixed Version	Urgency
trixie	vulnerable	3.13.5-2	-
forky, sid	fixed	3.13.12-1	-
(unstable)	fixed	3.13.11-1	-

python3.14

Release	Status	Fixed Version	Urgency
forky	fixed	3.14.3-1	-
sid	fixed	3.14.3-2	-
(unstable)	fixed	3.14.2-1	-

python3.9

Release	Status	Fixed Version	Urgency
bullseye	fixed	3.9.2-1+deb11u5	-
bullseye (security)	fixed	3.9.2-1+deb11u5	-
(unstable)	fixed	(unfixed)	-

DLA-4445-1 DLA-4455-1

CVE-2025-12084 vulnerability details – vuln.today

Back

CVE-2025-12084

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-12084

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code