Search by 
zendframework/zendframework Security Advisories for 2.5.0 (1)
-
XXE/XEE vector when using ZendXml on multibyte payloads
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.99|>=2.3.0,<2.3.8|>=2.4.0,<2.4.6|>=2.5.0,<2.5.1
Reported by:
FriendsOfPHP/security-advisories