Search for vulnerabilities
Vulnerability details: VCID-guug-uscd-8yc7
Vulnerability ID VCID-guug-uscd-8yc7
Aliases CVE-2009-2625
GHSA-334p-wv2m-w3vp
Summary
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
generic_textual MODERATE http://marc.info/?l=bugtraq&m=125787273209737&w=2
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-1232.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-1537.html
epss 0.00326 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00326 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00326 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
epss 0.00432 https://api.first.org/data/v1/epss?cve=CVE-2009-2625
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=512921
generic_textual MODERATE http://secunia.com/advisories/36162
generic_textual MODERATE http://secunia.com/advisories/36176
generic_textual MODERATE http://secunia.com/advisories/36180
generic_textual MODERATE http://secunia.com/advisories/36199
generic_textual MODERATE http://secunia.com/advisories/37300
generic_textual MODERATE http://secunia.com/advisories/37460
generic_textual MODERATE http://secunia.com/advisories/37671
generic_textual MODERATE http://secunia.com/advisories/37754
generic_textual MODERATE http://secunia.com/advisories/38231
generic_textual MODERATE http://secunia.com/advisories/38342
generic_textual MODERATE http://secunia.com/advisories/43300
generic_textual MODERATE http://secunia.com/advisories/50549
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-334p-wv2m-w3vp
generic_textual MODERATE https://github.com/apache/xerces2-j/commit/0bdf77af1d4fd26ec2e630fb6d12e2dfa77bc12b
generic_textual MODERATE http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026
generic_textual MODERATE https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2009-2625
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356
generic_textual MODERATE https://rhn.redhat.com/errata/RHSA-2009-1199.html
generic_textual MODERATE https://rhn.redhat.com/errata/RHSA-2009-1200.html
generic_textual MODERATE https://rhn.redhat.com/errata/RHSA-2009-1201.html
generic_textual MODERATE https://rhn.redhat.com/errata/RHSA-2009-1636.html
generic_textual MODERATE https://rhn.redhat.com/errata/RHSA-2009-1637.html
generic_textual MODERATE https://rhn.redhat.com/errata/RHSA-2009-1649.html
generic_textual MODERATE https://rhn.redhat.com/errata/RHSA-2009-1650.html
generic_textual MODERATE https://snyk.io/vuln/SNYK-JAVA-XERCES-32014
generic_textual MODERATE http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
generic_textual MODERATE http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1
generic_textual MODERATE http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1
generic_textual MODERATE http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1
generic_textual MODERATE http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
generic_textual MODERATE http://www.cert.fi/en/reports/2009/vulnerability2009085.html
generic_textual MODERATE http://www.codenomicon.com/labs/xml
generic_textual MODERATE http://www.debian.org/security/2010/dsa-1984
generic_textual MODERATE http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
generic_textual MODERATE http://www.mandriva.com/security/advisories?name=MDVSA-2011:108
generic_textual MODERATE http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2009/09/06/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2009/10/22/9
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2009/10/23/6
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2009/10/26/3
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2009-1615.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2011-0858.html
generic_textual MODERATE http://www.securityfocus.com/archive/1/507985/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/bid/35958
generic_textual MODERATE http://www.securitytracker.com/id?1022680
generic_textual MODERATE http://www.ubuntu.com/usn/USN-890-1
generic_textual MODERATE http://www.us-cert.gov/cas/techalerts/TA09-294A.html
generic_textual MODERATE http://www.us-cert.gov/cas/techalerts/TA10-012A.html
generic_textual MODERATE http://www.vmware.com/security/advisories/VMSA-2009-0016.html
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/2543
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/3316
generic_textual MODERATE http://www.vupen.com/english/advisories/2011/0359
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://marc.info/?l=bugtraq&m=125787273209737&w=2
http://rhn.redhat.com/errata/RHSA-2012-1232.html
http://rhn.redhat.com/errata/RHSA-2012-1537.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2625.json
https://api.first.org/data/v1/epss?cve=CVE-2009-2625
https://bugzilla.redhat.com/show_bug.cgi?id=512921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
http://secunia.com/advisories/36162
http://secunia.com/advisories/36176
http://secunia.com/advisories/36180
http://secunia.com/advisories/36199
http://secunia.com/advisories/37300
http://secunia.com/advisories/37460
http://secunia.com/advisories/37671
http://secunia.com/advisories/37754
http://secunia.com/advisories/38231
http://secunia.com/advisories/38342
http://secunia.com/advisories/43300
http://secunia.com/advisories/50549
https://github.com/apache/xerces2-j/commit/0bdf77af1d4fd26ec2e630fb6d12e2dfa77bc12b
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2009-2625
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356
https://rhn.redhat.com/errata/RHSA-2009-1199.html
https://rhn.redhat.com/errata/RHSA-2009-1200.html
https://rhn.redhat.com/errata/RHSA-2009-1201.html
https://rhn.redhat.com/errata/RHSA-2009-1636.html
https://rhn.redhat.com/errata/RHSA-2009-1637.html
https://rhn.redhat.com/errata/RHSA-2009-1649.html
https://rhn.redhat.com/errata/RHSA-2009-1650.html
https://snyk.io/vuln/SNYK-JAVA-XERCES-32014
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
http://www.codenomicon.com/labs/xml
http://www.debian.org/security/2010/dsa-1984
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
http://www.mandriva.com/security/advisories?name=MDVSA-2011:108
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
http://www.openwall.com/lists/oss-security/2009/09/06/1
http://www.openwall.com/lists/oss-security/2009/10/22/9
http://www.openwall.com/lists/oss-security/2009/10/23/6
http://www.openwall.com/lists/oss-security/2009/10/26/3
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.redhat.com/support/errata/RHSA-2009-1615.html
http://www.redhat.com/support/errata/RHSA-2011-0858.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/35958
http://www.securitytracker.com/id?1022680
http://www.ubuntu.com/usn/USN-890-1
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
http://www.us-cert.gov/cas/techalerts/TA10-012A.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/2543
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2011/0359
542210 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542210
CVE-2009-2625 https://bugzilla.redhat.com/CVE-2009-2625
GHSA-334p-wv2m-w3vp https://github.com/advisories/GHSA-334p-wv2m-w3vp
RHSA-2009:1199 https://access.redhat.com/errata/RHSA-2009:1199
RHSA-2009:1200 https://access.redhat.com/errata/RHSA-2009:1200
RHSA-2009:1201 https://access.redhat.com/errata/RHSA-2009:1201
RHSA-2009:1236 https://access.redhat.com/errata/RHSA-2009:1236
RHSA-2009:1505 https://access.redhat.com/errata/RHSA-2009:1505
RHSA-2009:1551 https://access.redhat.com/errata/RHSA-2009:1551
RHSA-2009:1582 https://access.redhat.com/errata/RHSA-2009:1582
RHSA-2009:1615 https://access.redhat.com/errata/RHSA-2009:1615
RHSA-2009:1636 https://access.redhat.com/errata/RHSA-2009:1636
RHSA-2009:1637 https://access.redhat.com/errata/RHSA-2009:1637
RHSA-2009:1649 https://access.redhat.com/errata/RHSA-2009:1649
RHSA-2009:1650 https://access.redhat.com/errata/RHSA-2009:1650
RHSA-2009:1662 https://access.redhat.com/errata/RHSA-2009:1662
RHSA-2010:0043 https://access.redhat.com/errata/RHSA-2010:0043
RHSA-2011:0858 https://access.redhat.com/errata/RHSA-2011:0858
RHSA-2012:0725 https://access.redhat.com/errata/RHSA-2012:0725
RHSA-2012:1232 https://access.redhat.com/errata/RHSA-2012:1232
RHSA-2012:1537 https://access.redhat.com/errata/RHSA-2012:1537
RHSA-2013:0763 https://access.redhat.com/errata/RHSA-2013:0763
USN-814-1 https://usn.ubuntu.com/814-1/
USN-890-1 https://usn.ubuntu.com/890-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.54929
EPSS Score 0.00326
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T07:58:41.376136+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 37.0.0