CVE-2025-47293 PowSyBl Core XML Reader allows XXE and SSRF

PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity XXE attack and to a server-side request forgery SSRF attack. This allows an attacker to elevate their...

PT-2025-26251 · Powsybl · Powsybl

Name of the Vulnerable Software and Affected Versions: PowSyBl versions 6.3.0 through 6.7.1 Description: The issue is a deserialization problem in the read method of the SparseMatrix class, which can lead to various privilege escalations depending on the circumstances. This method takes an...