7 matches found
CVE-2025-47293
PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity XXE attack and to a server-side request forgery SSRF attack. This allows an attacker to elevate their...
CVE-2025-47293 PowSyBl Core XML Reader allows XXE and SSRF
PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity XXE attack and to a server-side request forgery SSRF attack. This allows an attacker to elevate their...
CVE-2025-47293 PowSyBl Core XML Reader allows XXE and SSRF
PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity XXE attack and to a server-side request forgery SSRF attack. This allows an attacker to elevate their...
CVE-2025-47293
CVE-2025-47293 concerns PowSyBl (Power System Blocks) where powsybl-core XML parsing via com.powsybl.commons.xml.XmlReader is vulnerable to XXE and SSRF. The root cause is treating XmlReader as trusted when untrusted XML (CGMES/XIIDM) is submitted, allowing privilege escalation to read sensitive ...
com.powsybl:powsybl-distribution-core (>=6.0.0 <=6.7.1) potentially affected by CVE-2025-47293 via com.powsybl:powsybl-cim-anonymiser (>=6.0.0-RC1 <=6.7.1)
com.powsybl:powsybl-cim-anonymiser MAVEN version =6.0.0-RC1, =6.0.0, =6.7.1 Source cves: CVE-2025-47293 Source advisory: SNYK:JAVA-COMPOWSYBL-10442134...
com.farao-community.farao:csa-runner-api (>=1.2.1 <=2.6.1), com.farao-community.farao:csa-runner-app (>=0.0.1 <=2.6.1) +345 more potentially affected by CVE-2025-47293 via com.powsybl:powsybl-commons (>=1.0.0 <=6.7.1)
com.powsybl:powsybl-commons MAVEN version =1.0.0, =1.2.1, =0.0.1, =4.1.4, =1.0.0, =3.9.3, =1.0.0, =3.7.1, =2.0.0, =3.0.0, =2.4.1, =3.9.0, =4.5.0, =3.3.3, =3.6.0, =5.0.0 and more Source cves: CVE-2025-47293 Source advisory: OSV:GHSA-QPJ9-QCWX-8JV2...
com.farao-community.farao:csa-runner-api (>=1.2.1 <=2.6.1), com.farao-community.farao:csa-runner-app (>=1.2.1 <=2.6.1) +268 more potentially affected by CVE-2025-47293 via com.powsybl:powsybl-commons (>=6.0.0-RC1 <=6.7.1)
com.powsybl:powsybl-commons MAVEN version =6.0.0-RC1, =1.2.1, =1.2.1, =4.6.1, =4.6.1, =4.6.0, =4.6.1, =4.6.0, =4.6.1, =4.6.1, =4.6.1, =4.6.1, =4.6.0, =4.6.1, =4.6.1, =4.6.1, =5.0.0 and more Source cves: CVE-2025-47293 Source advisory: SNYK:JAVA-COMPOWSYBL-10442135...