CVE-2025-48882: PHPOffice Math allows XXE when processing an XML file in the MathML format

8.7 CVSS

Description

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml` extension and the `LIBXML_DTDLOAD` flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability.

Classification

CVE ID: CVE-2025-48882

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem Types

CWE-611: Improper Restriction of XML External Entity Reference

Affected Products

Vendor: PHPOffice

Product: Math

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.9% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-48882
https://github.com/PHPOffice/Math/security/advisories/GHSA-42hm-pq2f-3r7m
https://github.com/PHPOffice/Math/commit/fc31c8f57a7a81f962cbf389fd89f4d9d06fc99a

Timeline

2025-05-30 20:40:12 UTC
CVE

PHPOffice Math allows XXE when processing an XML file in the MathML format