CVE-2025-52888
BaseFortify
Publication date: 2025-06-24
Last updated on: 2025-06-26
Assigner: GitHub, Inc.
Description
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Allure 2 xunit-xml-plugin to version 2.34.1 or later, where the XML parser is properly secured against XXE attacks by using a custom entity resolver that blocks external entity resolution. This patch prevents the exploitation of the vulnerability by disabling external entity expansion. [1, 2]
Can you explain this vulnerability to me?
CVE-2025-52888 is a critical XML External Entity (XXE) vulnerability in the xunit-xml-plugin of Allure 2 versions prior to 2.34.1. The vulnerability occurs because the XML parser used by the plugin does not securely configure external entity processing, allowing attackers to craft malicious XML files that trigger external entity expansion. This can lead to attackers reading arbitrary files from the server's filesystem or causing server-side request forgery (SSRF) by making the server perform unintended network requests. The issue arises from improper handling of XML Document Type Definitions (DTDs) and external entities in the XML parser configuration. [1]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive files on the server where Allure 2 is running, such as configuration files, credentials, or other private data. It can also be exploited to perform server-side request forgery (SSRF), potentially allowing attackers to access internal network resources or services that are otherwise inaccessible. The attack can be automated and executed silently. The risk is especially significant in continuous integration/continuous deployment (CI/CD) environments where Allure is integrated, where it can expose API keys, internal URLs, and other sensitive information. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by placing a malicious XML file containing XXE payloads into the designated allure directory and generating a report using the command-line tool `allure generate`. Then, opening the report with `allure open` will execute the payload if the system is vulnerable. This proof of concept confirms the presence of the vulnerability by triggering external entity expansion and potentially disclosing sensitive files. [1]
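A complementary check that does not involve triggering the parser, added here as an example (not code from the advisory or the Allure project): scan a results directory for XML files that declare a DOCTYPE or an external entity before `allure generate` is run on them. The function names, the three classification labels and the assumption that xUnit result files never need a DTD are this example's own.

```python
import re
import tempfile
from pathlib import Path

# Assumption of this example: xUnit result files need no DTD, so any DOCTYPE
# deserves review and any SYSTEM/PUBLIC reference is treated as a finding.
DOCTYPE = re.compile(r"<!DOCTYPE\s+[^\s\[>]+(\s+(SYSTEM|PUBLIC)\b)?")
EXT_ENTITY = re.compile(r"<!ENTITY\s+(%\s+)?[^\s]+\s+(SYSTEM|PUBLIC)\b")

def decode_xml(raw: bytes) -> str:
    """Decode by BOM so UTF-16 files are not missed by a naive byte search."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def classify(text: str) -> str:
    """Return 'external', 'doctype' or 'clean' for one XML document."""
    m = DOCTYPE.search(text)
    if EXT_ENTITY.search(text) or (m and m.group(2)):
        return "external"
    return "doctype" if m else "clean"

def scan_results(results_dir) -> dict:
    """Map each non-clean *.xml file under results_dir to its classification."""
    findings = {}
    for path in sorted(Path(results_dir).rglob("*.xml")):
        verdict = classify(decode_xml(path.read_bytes()))
        if verdict != "clean":
            findings[path.name] = verdict
    return findings

def demo() -> dict:
    """Scan three constructed result files written to a temporary directory."""
    ext = '<!ENTITY x SYSTEM "file:///constructed/placeholder">'
    samples = {  # constructed sample inputs, not taken from the advisory
        "clean.xml": ('<?xml version="1.0"?><testsuite name="s"/>', "utf-8"),
        "internal.xml": ('<!DOCTYPE t [<!ENTITY a "b">]><t n="&a;"/>', "utf-8"),
        "external.xml": (f'<!DOCTYPE t [{ext}]><t n="&x;"/>', "utf-16"),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, (body, enc) in samples.items():
            Path(tmp, name).write_text(body, encoding=enc)
        return scan_results(tmp)

if __name__ == "__main__":
    print(demo())
```

The match is textual, so a declaration inside a comment or CDATA section is also reported; treat findings as files to review, and confirm the installed plugin version is 2.34.1 or later in any case.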