
CVE-2025-66372: CWE-611 Improper Restriction of XML External Entity Reference in mustangproject Mustang

Severity: Low
Tags: Vulnerability, CVE-2025-66372, CWE-611
Published: Fri Nov 28 2025 (11/28/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: mustangproject
Product: Mustang

Description

Mustang before 2.16.3 allows exfiltrating files via XXE attacks.

AI-Powered Analysis

Last updated: 11/28/2025, 03:41:48 UTC

Technical Analysis

CVE-2025-66372 identifies a security vulnerability in the Mustang software project, specifically versions before 2.16.3. The vulnerability is classified under CWE-611, which pertains to improper restriction of XML External Entity (XXE) references. XXE vulnerabilities occur when XML parsers process external entity references without adequate validation or restriction, allowing attackers to read arbitrary files on the host system or perform other unauthorized actions. In this case, Mustang's XML processing component allows an attacker to craft malicious XML input that triggers external entity resolution, leading to exfiltration of files from the local filesystem. The vulnerability requires the attacker to have local access with low privileges, and the attack complexity is high, meaning exploitation is non-trivial and likely requires specific conditions or knowledge. No user interaction is necessary once local access is obtained. The CVSS v3.1 score is 2.8, indicating a low severity primarily due to the limited impact on confidentiality (partial file disclosure), no impact on integrity or availability, and the requirement for local privileges and high attack complexity. There are currently no known exploits in the wild, and no official patches have been linked, though upgrading to Mustang 2.16.3 or later is recommended once available. The vulnerability highlights the importance of secure XML parsing configurations and input validation to prevent XXE attacks.

Potential Impact

For European organizations, the primary impact of CVE-2025-66372 is the potential unauthorized disclosure of sensitive files via XXE exploitation if Mustang is used in their environments. This could lead to leakage of confidential data, intellectual property, or personally identifiable information, depending on the files accessible by the application. Since exploitation requires local access with low privileges, the threat is more relevant in scenarios where attackers have already compromised internal systems or have insider access. The high attack complexity reduces the likelihood of widespread exploitation, but targeted attacks against critical infrastructure or sensitive data repositories remain a concern. Organizations in sectors such as finance, healthcare, government, and software development that utilize Mustang for XML processing may face increased risk. The vulnerability does not affect system integrity or availability, so the primary concern is confidentiality. Lack of known exploits and patches means organizations must be vigilant in monitoring and applying updates promptly once available.

Mitigation Recommendations

1. Upgrade Mustang to version 2.16.3 or later as soon as a patch addressing CVE-2025-66372 is released.
2. In the interim, configure XML parsers used by Mustang to disable external entity processing and DTDs, effectively mitigating XXE risks.
3. Implement strict input validation and sanitization for all XML inputs to prevent malicious payloads.
4. Restrict local access to systems running Mustang to trusted users only, minimizing the risk of local exploitation.
5. Monitor system logs and file access patterns for unusual activity indicative of XXE exploitation attempts.
6. Employ application whitelisting and endpoint protection to detect and block suspicious local processes.
7. Conduct security awareness training for staff to recognize and report potential insider threats.
8. Review and harden internal network segmentation to limit lateral movement if local access is gained.
9. Maintain an inventory of Mustang deployments across the organization to ensure comprehensive patch management.
10. Engage in threat hunting exercises focused on detecting XXE exploitation indicators within internal environments.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-28T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 692919d1a7cba954100dd85a

Added to database: 11/28/2025, 3:41:05 AM

Last enriched: 11/28/2025, 3:41:48 AM

Last updated: 11/28/2025, 7:53:44 AM

Views: 7
