exploitDog

CVE-2025-10183

Опубликовано: 09 сент. 2025

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCom Connect 5.

Ссылки

https://blog.blacklanternsecurity.com/p/teccom-tecconnect-41-xml-external

EPSS

Процентиль: 22%

0.00074

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-96j8-8455-q77x

CVSS3: 9.1

github

5 месяцев назад

A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCom Connect 5.

EPSS

Процентиль: 22%

0.00074

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-611