PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML pars

APPLICATION

19-06-2025 19:47

CVE-2025-47293 Vulnerabilidad documentada

Sin puntuación

Tags

#where

#server

#diff

#application

#vulnerable

#ssrf

#server-side request forgery

#patched

#patch

#privilege

#issue

#allow

#attack

Descripción

PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior version 6.7.2, in certain places, powsybl-core XML parsing vulnerable an external entity (XXE) attack and server-side request forgery (SSRF) attack. This allows attacker elevate their privileges read files that they do not have permissions to, including sensitive on the system. The class com.powsybl.commons.xml.XmlReader which considered be untrusted use cases where users can submit methods. multi-tenant application hosts many different perhaps with privilege levels. issue has been patched com.powsybl:powsybl-commons: 6.7.2.

https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc

https://github.com/powsybl/powsybl-core/releases/tag/v6.7.2

https://github.com/powsybl/powsybl-core/security/advisories/GHSA-qpj9-qcwx-8jv2

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-47293

Resultados similares

Coincidentes en almenos en 50% de los tags

19-06-2025 CVE-2025-6267
A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Develo...
Ver información

18-06-2025 CVE-2023-50348
HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application ...
Ver información