xmltodict 0.14.2 - XML Injection
Discovered by
Offensive Team, Fluid Attacks
Summary
Full name
xmltodict 0.14.2 - XML Injection
Code name
State
Public
Release date
Sep 1, 2025
Affected product
xmltodict
Vendor
xmltodict
Affected version(s)
0.14.2
Vulnerability name
XML Injection
Vulnerability type
Remotely exploitable
Yes
CVSS v4.0 vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS v4.0 base score
6.9
Exploit available
Yes
CVE ID(s)
CVE-2025-9375
Description
A vulnerability in xmltodict version 0.14.2 allows attackers to perform XML Injection by crafting dictionary keys that are inserted directly as XML tag names without any validation or sanitization. This enables attackers to inject arbitrary and potentially malicious XML markup into the generated output.
Vulnerability
This is a classic XML Injection vulnerability. The core issue is that dictionary keys from user input are used directly as XML tag names in the _emit function of xmltodict.py (lines 378-451) without any validation or sanitization. This allows attackers to inject arbitrary XML elements or break the structure of the generated XML document. Here's the relevant code:
The key vulnerability is in the content_handler.startElement() call, where the key parameter (directly from user input) is used as an XML tag name without any validation or escaping. This allows an attacker to craft dictionary keys that break out of the intended XML structure. For example, a malicious key like m><tag>content</tag will be directly inserted into the XML output.
PoC
A minimal Flask server demonstrates the issue. It receives JSON data, passes it to xmltodict.unparse(), and renders the result in an HTML template:
Payload
When this payload is sent, the generated XML will be:
Evidence of Exploitation
This vulnerability can be exploited by sending a crafted dictionary with malicious keys to any web application that uses xmltodict.unparse().

Our security policy
We have reserved the ID CVE-2025-9375 to refer to this issue from now on.
System Information
xmltodict
Version 0.14.2
Operating System: Any
References
Github Repository: https://github.com/martinblech/xmltodict
Mitigation
There is currently no patch available for this vulnerability.
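Since no upstream patch exists, the practical defence sits in the application that calls xmltodict.unparse(): reject any dictionary key that is not a syntactically valid XML name before the dictionary reaches the library. The following is an added example written for this advisory; it is not code from xmltodict or from Fluid Attacks. It implements the XML 1.0 Name production as a regular expression, walks the nested structure the way unparse() would (keys prefixed with "@" become attribute names and "#text" becomes character data, which are xmltodict's documented defaults and are assumed here), and wraps unparse() in a safe_unparse() helper (a hypothetical name). The naive_emit() function is a constructed stand-in, not xmltodict's _emit, included only so the effect of the key quoted in the Vulnerability section above can be seen without the library installed.

```python
import re
from xml.sax.saxutils import escape

try:
    import xmltodict  # assumed dependency of the calling application
except ImportError:  # the validator below works without it
    xmltodict = None

# XML 1.0 (5th ed.) Name production, productions [4] and [4a], as regex classes.
_NAME_START = (
    ":A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D"
    "\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF"
    "\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\U00010000-\U000EFFFF"
)
_NAME_CHAR = _NAME_START + "\\-.0-9\u00B7\u0300-\u036F\u203F-\u2040"
_XML_NAME_RE = re.compile(f"[{_NAME_START}][{_NAME_CHAR}]*")


def is_valid_xml_name(name) -> bool:
    """True if `name` is a syntactically valid XML element/attribute name.
    '<', '>', '/', quotes and whitespace are all outside the Name grammar, so a
    key such as 'm><tag>content</tag' never reaches startElement()."""
    return isinstance(name, str) and _XML_NAME_RE.fullmatch(name) is not None


def validate_keys(node, path="", attr_prefix="@", cdata_key="#text"):
    """Walk the structure xmltodict.unparse() would emit and reject any key that
    is not a valid XML name. attr_prefix/cdata_key mirror xmltodict's defaults
    ('@' marks attribute keys, '#text' marks character data)."""
    if isinstance(node, dict):
        for key, value in node.items():
            if not isinstance(key, str):
                raise ValueError(f"non-string key {key!r} at {path or '/'}")
            if key == cdata_key:
                continue  # emitted as escaped text content, not as a name
            name = key[len(attr_prefix):] if key.startswith(attr_prefix) else key
            if not is_valid_xml_name(name):
                raise ValueError(f"invalid XML name {key!r} at {path or '/'}")
            validate_keys(value, f"{path}/{key}", attr_prefix, cdata_key)
    elif isinstance(node, list):
        for item in node:  # a list under a key emits one element per item
            validate_keys(item, path, attr_prefix, cdata_key)
    # scalars are emitted as escaped character data and need no name check


def keys_are_safe(data) -> bool:
    """Convenience wrapper: True if validate_keys() accepts `data`."""
    try:
        validate_keys(data)
        return True
    except ValueError:
        return False


def safe_unparse(data, **kwargs):
    """Hypothetical drop-in for xmltodict.unparse() that validates keys first.
    (Added wrapper; not part of xmltodict.)"""
    validate_keys(data)
    if xmltodict is None:
        raise RuntimeError("xmltodict is not installed")
    return xmltodict.unparse(data, **kwargs)


def naive_emit(node, tag) -> str:
    """Constructed stand-in (not xmltodict's code) for an emitter that writes
    dictionary keys verbatim as tag names while escaping values. It reproduces
    the behaviour the advisory describes so the effect of a hostile key is
    visible even without the library installed."""
    if isinstance(node, dict):
        inner = "".join(naive_emit(value, key) for key, value in node.items())
    else:
        inner = escape(str(node))
    return f"<{tag}>{inner}</{tag}>"


if __name__ == "__main__":
    # Constructed sample input; the key is the one quoted in the advisory.
    hostile = {"root": {"m><tag>content</tag": "x"}}
    print(naive_emit(hostile["root"], "root"))  # extra <tag> element appears
    print(keys_are_safe(hostile))  # False: rejected before any XML is produced
    print(keys_are_safe({"root": {"@id": "1", "#text": "hi", "item": [1, 2]}}))  # True
```

Because the check is applied to the whole nested structure, including list items and attribute keys, it also covers inputs that arrive through nested JSON rather than a single top-level key. Logging the rejected path returned in the ValueError gives a cheap detection signal for attempts against endpoints that convert client-supplied JSON to XML.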
Credits
The vulnerability was discovered by Camilo Vera from Fluid Attacks' Offensive Team.
Timeline
Jul 24, 2025
Vulnerability discovered
Aug 22, 2025
Vendor contacted
Sep 1, 2025
Public disclosure