CVE-2025-66372: CWE-611 Improper Restriction of XML External Entity Reference in mustangproject Mustang
Mustang before 2.16.3 allows exfiltrating files via XXE attacks.
AI Analysis
Technical Summary
CVE-2025-66372 is a CWE-611 (Improper Restriction of XML External Entity Reference) issue in Mustang, the mustangproject Java library for writing and reading ZUGFeRD, Factur-X and XRechnung electronic invoices. Mustang versions before 2.16.3 parse invoice XML with external entity resolution left enabled, so a crafted document can declare an external entity whose SYSTEM identifier points at a local file; the parser inlines that file's contents into the document, and the attacker recovers them from whatever the application does with the parsed data or, in the classic out-of-band XXE pattern, by having an external DTD send them to a server the attacker controls. The CVSS v3.1 base score is 2.8 (Low): the attack vector is local, attack complexity is high, low privileges are required, no user interaction is needed, and the impact is on confidentiality only, with no effect on integrity or availability. The local vector and high complexity indicate that the attacker must get a crafted document processed on the host rather than reaching the parser over the network, and that exploitation is not straightforward. The parser can only read what the account running it can read, which bounds the disclosure. No public exploit or in-the-wild exploitation has been reported. The fix is to upgrade to Mustang 2.16.3 or later, which restricts external entity processing in the affected XML parsing path.
Potential Impact
For European organizations, the primary impact of CVE-2025-66372 is unauthorized disclosure of local files through XXE in systems that process e-invoices with Mustang. Files readable by the account running the parser, which can include configuration files with database or API credentials, keys, and other invoice data, could be leaked. Because exploitation requires local access with low privileges, the threat is most relevant where an attacker already has a foothold on the system or can place a crafted document where it will be processed. Integrity and availability are not affected, which limits the scope of damage, but in regulated sectors such as finance, healthcare and government even a small, targeted exfiltration can have compliance and reputational consequences. E-invoicing formats such as ZUGFeRD, Factur-X and XRechnung are widely used in Germany and France, so organizations whose invoicing, ERP or accounts-payable systems parse invoices from external parties with Mustang should assess their exposure and prioritize patching. The absence of a known exploit reduces immediate risk but not the potential for future attacks once an attacker has gained local access or escalated privileges.
Mitigation Recommendations
1. Upgrade Mustang to version 2.16.3 or later, where external entity processing is restricted in the affected XML parser. Rebuild and redeploy every application and batch job that bundles the library, and check the resolved dependency tree rather than only the declared version, since a transitive dependency can pull in an older Mustang.
2. Treat invoice files from external senders (standalone XML and PDF/A-3 with embedded XML) as untrusted input. Restrict who and what can place files in the directories, mailboxes or upload endpoints that Mustang processes, and run the processing service under a low-privilege account so an XXE read can only reach files that account can read.
3. Until the upgrade is deployed, reject incoming XML that contains a DOCTYPE declaration before handing it to the library. ZUGFeRD, Factur-X and XRechnung XML is schema-based and does not use DTDs, so a DOCTYPE in an invoice is itself a red flag.
4. Audit and review the other XML processing components in the same application stack to ensure no further XXE or related weaknesses exist.
5. Configure XML parsers with secure defaults: for the JAXP parsers used in the Java ecosystem, enable disallow-doctype-decl, disable external general and parameter entities and external DTD loading, and set XMLConstants.ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_SCHEMA to an empty string. Enable external entity resolution only where it is explicitly required and the source is validated.
6. Monitor for XXE indicators: outbound HTTP or FTP connections from invoice-processing hosts to unexpected destinations (out-of-band exfiltration), parser errors mentioning DOCTYPE or entity declarations, and reads of sensitive files by the processing account.
7. Educate developers and system administrators about XXE and secure XML handling so that similar weaknesses are not reintroduced.
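The following Java program is added here as an illustration of the weakness described in the technical summary and of the parser hardening in recommendation 5; it is not code from Mustang, and how Mustang itself configured its parser before and after 2.16.3 is not shown on this page. It constructs a minimal invoice-like XML document (element names made up for the demo, no real ZUGFeRD structure) whose DOCTYPE declares an external entity pointing at a temporary file the program creates, parses it once with a default JAXP DocumentBuilderFactory, which resolves the entity and copies the file into the DOM, and once with a hardened factory that rejects the DOCTYPE before any entity is touched. The hardened settings are the standard JAXP/Xerces ones and assume the JDK's built-in parser; a third-party parser may not support every attribute.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class XxeDemo {

    // Constructed sample input (not a real invoice): the DOCTYPE declares an
    // external entity whose SYSTEM identifier is a file: URI. When the parser
    // expands &leak; inside <Name>, the file's contents end up in the DOM.
    static String craftedInvoice(Path secret) {
        return "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
             + "<!DOCTYPE Invoice [\n"
             + "  <!ENTITY leak SYSTEM \"" + secret.toUri() + "\">\n"
             + "]>\n"
             + "<Invoice>\n"
             + "  <ID>INV-0001</ID>\n"
             + "  <Seller><Name>&leak;</Name></Seller>\n"
             + "</Invoice>\n";
    }

    // Vulnerable configuration: stock JDK defaults (JDK 11 through 21) resolve
    // external general entities and load external DTDs unless told otherwise.
    static DocumentBuilder defaultBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened configuration: the first feature rejects any DOCTYPE, which is
    // the strongest control when the format never needs one; the rest defend
    // in depth in case a parser ignores the first.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    static String sellerName(Document doc) {
        return doc.getElementsByTagName("Name").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for a local secret the attacker wants to read.
        Path secret = Files.createTempFile("xxe-secret", ".txt");
        Files.writeString(secret, "db_password=hunter2");
        byte[] xml = craftedInvoice(secret).getBytes(StandardCharsets.UTF_8);
        try {
            // Default parser: the entity is resolved and the secret is now in
            // the seller name, where application logic or logs may expose it.
            Document leaky = defaultBuilder().parse(new ByteArrayInputStream(xml));
            System.out.println("default parser saw seller name: " + sellerName(leaky));

            // Hardened parser: parsing fails on the DOCTYPE, so the file is
            // never opened.
            try {
                hardenedBuilder().parse(new ByteArrayInputStream(xml));
                System.out.println("hardened parser accepted the document (unexpected)");
            } catch (SAXException e) {
                System.out.println("hardened parser rejected it: " + e.getMessage());
            }
        } finally {
            Files.deleteIfExists(secret);
        }
    }
}
```

Run with `javac XxeDemo.java && java XxeDemo` (Java 11 or later). The first line printed shows the secret inlined into the seller name; the second shows the hardened builder refusing the document with a message that the DOCTYPE is disallowed. The same factory settings apply to SAXParserFactory and XMLInputFactory; the feature and attribute names are the ones that matter, not the parser API.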
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-28T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 692919d1a7cba954100dd85a
Added to database: 11/28/2025, 3:41:05 AM
Last enriched: 12/5/2025, 4:12:55 AM
Last updated: 1/12/2026, 9:02:14 AM
Related Threats
- CVE-2025-14279: CWE-346 Origin Validation Error in mlflow mlflow/mlflow (High)
- CVE-2026-0855: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Merit LILIN P2 (High)
- CVE-2026-0854: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Merit LILIN DH032 (High)
- CVE-2025-14579: CWE-79 Cross-Site Scripting (XSS) in Quiz Maker (High)
- CVE-2025-69276: CWE-502 Deserialization of Untrusted Data in Broadcom DX NetOps Spectrum (Low)