CVE-2025-0617

MEDIUM Year: 2025
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-776
View all →

Vulnerability Description

An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process thus causing a Denial of Service.

Related Vulnerabilities

CVE-2024-1455

MEDIUM
CVSS:5.9(Medium)

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML docu...

CWE-7762024

CVE-2024-27141

MEDIUM
CVSS:5.9(Medium)

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) ...

CWE-7762024

CVE-2024-27142

MEDIUM
CVSS:5.9(Medium)

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) ...

CWE-7762024

CVE-2024-43398

MEDIUM
CVSS:5.9(Medium)

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrus...

CWE-7762024

CVE-2017-5644

MEDIUM
CVSS:5.5(Medium)

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

CWE-7762017

CVE-2021-31842

MEDIUM
CVSS:5.5(Medium)

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulti...

CWE-7762021