xmltodict 0.14.2 - XML Injection

6,9

Medium

6,9

Medium

Discovered by

Camilo Vera

Offensive Team, Fluid Attacks

Summary

Full name

xmltodict 0.14.2 - XML Injection

Code name

State

Public

Release date

1 sept 2025

Affected product

xmltodict

Vendor

xmltodict

Affected version(s)

0.14.2

Vulnerability name

XML Injection

Remotely exploitable

Yes

CVSS v4.0 vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CVSS v4.0 base score

6.9

Exploit available

Yes

CVE ID(s)

Description

A vulnerability in xmltodict version 0.14.2 allows attackers to perform XML Injection by crafting dictionary keys that are inserted directly as XML tag names without any validation or sanitization. This enables attackers to inject arbitrary and potentially malicious XML markup into the generated output.

Vulnerability

This is a classic XML Injection vulnerability. The core issue is that dictionary keys from user input are used directly as XML tag names in the _emit function of xmltodict.py (lines 378-451) without any validation or sanitization. This allows attackers to inject arbitrary XML elements or break the structure of the generated XML document. Here's the relevant code:

def _emit(key, value, content_handler,
          attr_prefix='@',
          cdata_key='#text',
          depth=0,
          preprocessor=None,
          pretty=False,
          newl='\n',
          indent='\t',
          namespace_separator=':',
          namespaces=None,
          full_document=True,
          expand_iter=None):
    # ... [previous code] ...
    content_handler.startElement(key, AttributesImpl(attrs))  # <-- Vulnerable: key is unsanitized
    # ... [remaining code] ...

The key vulnerability is in the content_handler.startElement() call, where the key parameter (directly from user input) is used as an XML tag name without any validation or escaping. This allows an attacker to craft dictionary keys that break out of the intended XML structure. For example, a malicious key like m><tag>content</tag will be directly inserted into the XML output.

PoC

A minimal Flask server demonstrates the issue. It receives JSON data, passes it to xmltodict.unparse(), and renders the result in an HTML template:

from markupsafe import escape
import xmltodict, json
data = {"m><tag>content</tag": "unsafe"}
xml = xmltodict.unparse(data, full_document=False)
print(xml)

Payload

{"m><tag>content</tag": "unsafe"}

When this payload is sent, the generated XML will be:

<m><tag>content</tag>unsafe</m><tag>content</tag>

Evidence of Exploitation

This vulnerability can be exploited by sending a crafted dictionary with malicious keys to any web application that uses xmltodict.unparse().

Our security policy

We have reserved the ID CVE-2025-9375 to refer to this issue from now on.

Disclosure policy

System Information

xmltodict

  • Version 0.14.2

  • Operative System: Any

References

Mitigation

There is currently no patch available for this vulnerability.

Credits

The vulnerability was discovered by Camilo Vera from Fluid Attacks' Offensive Team.

Timeline

24 jul 2025

Vulnerability discovered

22 ago 2025

Vendor contacted

1 sept 2025

Public disclosure

Does your application use this vulnerable software?

During our free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

Las soluciones de Fluid Attacks permiten a las organizaciones identificar, priorizar y remediar vulnerabilidades en su software a lo largo del SDLC. Con el apoyo de la IA, herramientas automatizadas y pentesters, Fluid Attacks acelera la mitigación de la exposición al riesgo de las empresas y fortalece su postura de ciberseguridad.

SOC 2 Type II

SOC 3

Suscríbete a nuestro boletín

Mantente al día sobre nuestros próximos eventos y los últimos blog posts, advisories y otros recursos interesantes.

Las soluciones de Fluid Attacks permiten a las organizaciones identificar, priorizar y remediar vulnerabilidades en su software a lo largo del SDLC. Con el apoyo de la IA, herramientas automatizadas y pentesters, Fluid Attacks acelera la mitigación de la exposición al riesgo de las empresas y fortalece su postura de ciberseguridad.

SOC 2 Type II

SOC 3

Suscríbete a nuestro boletín

Mantente al día sobre nuestros próximos eventos y los últimos blog posts, advisories y otros recursos interesantes.

Las soluciones de Fluid Attacks permiten a las organizaciones identificar, priorizar y remediar vulnerabilidades en su software a lo largo del SDLC. Con el apoyo de la IA, herramientas automatizadas y pentesters, Fluid Attacks acelera la mitigación de la exposición al riesgo de las empresas y fortalece su postura de ciberseguridad.

SOC 2 Type II

SOC 3

Suscríbete a nuestro boletín

Mantente al día sobre nuestros próximos eventos y los últimos blog posts, advisories y otros recursos interesantes.