CVE-2025-68280

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...

GHSA-JQMR-2PG9-VFX7 Apache SIS has Improper Restriction of XML External Entity Reference vulnerability

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...

ai.stainless:grails-tika (=0.1.0), au.com.turingg:turingg-files (=0.0.1) +488 more potentially affected by CVE-2025-68280 via org.apache.sis.core:sis-metadata (>=0.4 <=1.5)

org.apache.sis.core:sis-metadata MAVEN version =0.4, =1.1.0, =3.6.0, =3.6.1, =3.11.0, =3.19.0 - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2025-68280 Source advisory: SNYK:JAVA-ORGAPACHESISCORE-14874786...

CVE-2025-68280

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...

CVE-2025-68280 Apache SIS: XML External Entity (XXE) vulnerability

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...

CVE-2025-68280

CVE-2025-68280 affects Apache SIS versions 0.4–1.5. The issue is an improper restriction of XML External Entity (XXE) references, allowing an XML document to disclose content from the server’s local filesystem when parsed by SIS. Impacted services include reading GeoTIFFs with the GEO_METADATA ta...

EUVD-2026-0849

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...

PT-2026-1285

Name of the Vulnerable Software and Affected Versions Apache SIS versions 0.4 through 1.5 Description An improper restriction of XML external entity reference issue exists in Apache SIS. An attacker can craft XML files that, when parsed by Apache SIS, reveal the content of local files on the...

Apache SIS 安全漏洞

Apache SIS is an open source library for spatial information from the Apache Foundation. A security vulnerability exists in Apache SIS versions 0.4 through 1.5, which stems from an improperly restricted XML external entity reference that could result in reading a server-local file...