CVE-2025-12084

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0	Patch
https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4	Patch
https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964	Patch
https://github.com/python/cpython/issues/142145	Issue Tracking Patch
https://github.com/python/cpython/pull/142146	Issue Tracking Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python:3.15.0:alpha1::::::
	cpe:2.3:a:python:python:3.15.0:alpha2::::::

History

16 Dec 2025, 21:13

Type	Values Removed	Values Added
CPE		cpe:2.3:a:python:python:3.15.0:alpha2:::::: cpe:2.3:a:python:python:3.15.0:alpha1:::::: cpe:2.3:a:python:python::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
First Time		Python Python python
References	~~() https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0 -~~	() https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0 - Patch
References	~~() https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4 -~~	() https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4 - Patch
References	~~() https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964 -~~	() https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964 - Patch
References	~~() https://github.com/python/cpython/issues/142145 -~~	() https://github.com/python/cpython/issues/142145 - Issue Tracking, Patch
References	~~() https://github.com/python/cpython/pull/142146 -~~	() https://github.com/python/cpython/pull/142146 - Issue Tracking, Patch

05 Dec 2025, 17:16

Type	Values Removed	Values Added
References		() https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0 - () https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964 -

03 Dec 2025, 20:16

Type	Values Removed	Values Added
CWE		CWE-407

03 Dec 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-03 19:15

Updated : 2025-12-16 21:13

NVD link : CVE-2025-12084

Mitre link : CVE-2025-12084

CVE.ORG link : CVE-2025-12084

JSON object : View

Products Affected

python

python

CWE

CWE-407

Inefficient Algorithmic Complexity

5.3 /10