6 matches found
CVE-2025-6438
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...
CVE-2025-6438
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...
CVE-2025-6438
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...
CVE-2025-6438
Schneider Electric EcoStruxure IT Data Center Expert (prior to 9.0; affected versions 8.3 and earlier) is affected by CVE-2025-6438: XML External Entity (XXE) injection via the DataExchange SOAP route, enabling unauthenticated or low-privilege exploitation to read local files and potentially caus...
CVE-2025-6438
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account...
Schneider Electric EcoStruxure IT Data Center Expert XML External Entities Injection
Vulnerability Details Affected Vendor: Schneider Electric Affected Product: EcoStruxure IT Data Center Expert Affected Version: 8.3 and prior Platform: CentOS CWE Classification: CWE-611: Improper Restriction of XML External Entity Reference CVE ID: CVE-2025-6438 2. Vulnerability Description The...