Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/07/13 9:22 a.m.15 views

CVE-2025-6438

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...

5.9CVSS6.6AI score0.00391EPSS
Exploits1References1
NVD
NVD
added 2025/07/11 9:15 a.m.31 views

CVE-2025-6438

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...

5.9CVSS0.00391EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/07/11 9:6 a.m.6 views

CVE-2025-6438

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...

5.9CVSS6.6AI score0.00391EPSS
Exploits1References1
CVE
CVE
added 2025/07/11 9:6 a.m.44 views

CVE-2025-6438

Schneider Electric EcoStruxure IT Data Center Expert (prior to 9.0; affected versions 8.3 and earlier) is affected by CVE-2025-6438: XML External Entity (XXE) injection via the DataExchange SOAP route, enabling unauthenticated or low-privilege exploitation to read local files and potentially caus...

5.9CVSS6.6AI score0.00391EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/07/11 9:6 a.m.33 views

CVE-2025-6438

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...

5.9CVSS0.00391EPSS
Exploits1References1
KoreLogic Security
KoreLogic Security
added 2025/07/09 12:0 a.m.75 views

Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection

Vulnerability Details Affected Vendor: Schneider Electric Affected Product: EcoStruxure IT Data Center Expert Affected Version: 8.3 and prior Platform: CentOS CWE Classification: CWE-611: Improper Restriction of XML External Entity Reference CVE ID: CVE-2025-6438 2. Vulnerability Description The...

5.9CVSS7.1AI score0.00391EPSS
Exploits1Affected Software1
Rows per page
Query Builder