xmltodict 0.14.2 - XML Injection

Description

A vulnerability in xmltodict version 0.14.2 allows attackers to perform XML Injection by crafting dictionary keys that are inserted directly as XML tag names without any validation or sanitization. This enables attackers to inject arbitrary and potentially malicious XML markup into the generated output.

Vulnerability

This is a classic XML Injection vulnerability. The core issue is that dictionary keys from user input are used directly as XML tag names in the _emit function of xmltodict.py (lines 378-451) without any validation or sanitization. This allows attackers to inject arbitrary XML elements or break the structure of the generated XML document. Here's the relevant code:

def _emit(key, value, content_handler,
          attr_prefix='@',
          cdata_key='#text',
          depth=0,
          preprocessor=None,
          pretty=False,
          newl='\n',
          indent='\t',
          namespace_separator=':',
          namespaces=None,
          full_document=True,
          expand_iter=None):
    # ... [previous code] ...
    content_handler.startElement(key, AttributesImpl(attrs))  # <-- Vulnerable: key is unsanitized
    # ... [remaining code] ...

The key vulnerability is in the content_handler.startElement() call, where the key parameter (directly from user input) is used as an XML tag name without any validation or escaping. This allows an attacker to craft dictionary keys that break out of the intended XML structure. For example, a malicious key like m><tag>content</tag will be directly inserted into the XML output.

PoC

A minimal Flask server demonstrates the issue. It receives JSON data, passes it to xmltodict.unparse(), and renders the result in an HTML template:

from markupsafe import escape
import xmltodict, json
data = {"m><tag>content</tag": "unsafe"}
xml = xmltodict.unparse(data, full_document=False)
print(xml)

Payload

{"m><tag>content</tag": "unsafe"}

When this payload is sent, the generated XML will be:

<m><tag>content</tag>unsafe</m><tag>content</tag>

Evidence of Exploitation

This vulnerability can be exploited by sending a crafted dictionary with malicious keys to any web application that uses xmltodict.unparse().

Our security policy

We have reserved the ID CVE-2025-9375 to refer to this issue from now on.

Disclosure policy

System Information

• xmltodict

• Version 0.14.2

• Operating System: Any

References

• Github Repository: https://github.com/martinblech/xmltodict

• Patch: https://github.com/martinblech/xmltodict/commit/f98c90f071228ed73df997807298e1df4f790c33

• CHANGELOG: https://github.com/martinblech/xmltodict/blob/v0.15.1/CHANGELOG.md

Mitigation

An updated version of xmltodict is available at the vendor page.

Credits

The vulnerability was discovered by Camilo Vera from Fluid Attacks' Offensive Team.