CVE-2025-10183

A blind XML External Entity XXE injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCo...

CVE-2025-10183 XML External Entity Injection in TecConnect 4.1

A blind XML External Entity XXE injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCo...

PT-2025-36738

Name of the Vulnerable Software and Affected Versions: TecCom TecConnect version 4.1 Description: The OpenMessaging webservice in TecCom TecConnect version 4.1 contains a blind XML External Entity XXE injection. This allows an unauthenticated attacker to exfiltrate arbitrary files to an...

TecCom TecConnect 安全漏洞

TecCom TecConnect is a middleware from TecCom Germany. A security vulnerability exists in TecCom TecConnect version 4.1, which originates from a blind XXE injection in the OpenMessaging webservice and could lead to arbitrary file disclosure...