CVE-2025-6438

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-6438
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account.
CVSS

No CVSS.

References
Link Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-189-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-189-01.pdf
Configurations

No configuration.

History

14 Jul 2025, 00:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.8 		v2 : unknown
v3 : unknown
Summary
  • (es) CWE-611: Existe una vulnerabilidad de restricción incorrecta de referencia de entidad externa XML que podría causar la manipulación de llamadas a la API SOAP y la inyección de entidades externas XML, lo que resulta en un acceso no autorizado a archivos cuando se accede al servidor a través de la red utilizando una cuenta de aplicación.
Summary (en) CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account. (en) A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access when the server is accessed via the network using an application account.

11 Jul 2025, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-11 09:15

Updated : 2025-07-15 13:14

NVD link : CVE-2025-6438

Mitre link : CVE-2025-6438

CVE.ORG link : CVE-2025-6438

JSON object : View

Products Affected

No product.

CWE
CWE-611

Improper Restriction of XML External Entity Reference