CVE-2025-12084 Detail

Description

When building nested elements using xml.dom.minidom methods such as appendChild() that depend on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST: NVD
Base score: N/A (NVD assessment not yet provided)

CNA: Python Software Foundation
Base score: CVSS-B 6.3 MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References to Advisories, Solutions, and Tools


URL | Source(s) | Tag(s)
https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0 | Python Software Foundation | Patch
https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4 | Python Software Foundation | Patch
https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437 | Python Software Foundation |
https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907 | Python Software Foundation |
https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d | Python Software Foundation |
https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8 | Python Software Foundation |
https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964 | Python Software Foundation | Patch
https://github.com/python/cpython/issues/142145 | Python Software Foundation | Issue Tracking, Patch
https://github.com/python/cpython/pull/142146 | Python Software Foundation | Issue Tracking, Patch

Weakness Enumeration

CWE-ID | CWE Name | Source
CWE-407 | Inefficient Algorithmic Complexity | CISA-ADP

Change History

5 change records found

Quick Info

CVE Dictionary Entry: CVE-2025-12084
NVD Published Date: 12/03/2025
NVD Last Modified: 12/22/2025
Source: Python Software Foundation