CVE-2025-52162
BaseFortify
Publication date: 2025-07-18
Last updated on: 2025-07-22
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| agorum | agorum_core_open | 11.10.1 |
| agorum | agorum_core_open | 11.9.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52162 is an XML External Entity (XXE) vulnerability in agorum Software GmbH's Agorum core open versions 11.9.2 and 11.10.1. It occurs via the RSSReader endpoint and other components where XML input is improperly processed. Attackers can craft malicious XML files containing external entity definitions that cause the XML parser to load and disclose sensitive local files or resources on the server. This happens because the XML parser is not securely configured to disable external entity processing, allowing unauthorized access to sensitive data. [1]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive data stored on the server by allowing attackers to read arbitrary files through crafted XML inputs. Attackers can exploit this to access confidential information such as configuration files, credentials, or other sensitive documents. This can compromise the security and privacy of the system and its data, potentially leading to further attacks or data breaches. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the RSSReader component for XXE exploitation via the 'feed' parameter in HTTP GET requests. For example, sending crafted XML input referencing external entities to the RSSReader endpoint and observing whether sensitive files like /etc/hostname are disclosed. Additionally, monitoring HTTP requests for suspicious XML payloads targeting endpoints such as /api/rest/filingAssistant/v2/action with crafted POST requests including the 'ids' parameter or multipart form-data with 'attribute(parseFile)=true' can help detect exploitation attempts. Specific commands could include using curl to send malicious XML payloads to these endpoints and analyzing responses for sensitive data leakage. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Agorum core open to fixed versions 11.9.2 or 11.10.1. Additionally, secure XML parser configuration should be implemented by disabling external entity processing and DTDs, using secure XML parsing libraries hardened against XXE attacks, and validating and sanitizing all XML inputs rigorously to prevent exploitation. [1]
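The two answers above describe, first, watching request traffic for XML that declares external entities and, second, configuring the XML parser so that DTDs and external entities are never processed. The following added example (written for this page; it is not agorum code and does not reproduce how agorum core open parses XML) shows both sides with one shared inspector built on Python's expat declaration handlers: `inspect_dtd` reports any DOCTYPE, entity declaration or external entity reference without fetching anything, `safe_parse` refuses a document as soon as a DTD is present, and `flag_request` runs the same inspector over the body and query parameters of constructed request records. The request paths, parameter names and sample traffic are constructed from the identifiers mentioned in the record and are hypothetical.

```python
"""Added example: reject DTDs before parsing, and flag requests whose XML carries one.
Not agorum code; paths and sample traffic are constructed from the record above."""
import xml.parsers.expat as expat
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import parse_qs, quote


class DtdRejected(ValueError):
    """Raised when an XML document declares a DTD or references an external entity."""


def inspect_dtd(xml_text: str) -> list:
    """Return DTD-related findings for xml_text; an empty list means no DOCTYPE,
    no entity declarations and no external entity references were seen.
    Expat's declaration handlers are used so the check sees exactly what a parser
    would see; the external-reference handler returns 1 so nothing is ever loaded."""
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE {name} (external subset: {system_id or public_id or 'none'})")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        kind = "parameter entity" if is_param else "general entity"
        if system_id or public_id:
            findings.append(f"external {kind} {name} -> {system_id or public_id}")
        else:
            findings.append(f"internal {kind} {name}")

    def on_external_ref(context, base, system_id, public_id):
        findings.append(f"external entity reference -> {system_id or public_id}")
        return 1  # report the reference as handled; its content is never fetched

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(xml_text, True)
    except expat.ExpatError:
        pass  # malformed XML is not a DTD finding; keep what was seen before the error
    return findings


def safe_parse(xml_text: str) -> ET.Element:
    """Hardened parse: refuse any document with a DTD, then parse with ElementTree."""
    findings = inspect_dtd(xml_text)
    if findings:
        raise DtdRejected("; ".join(findings))
    return ET.fromstring(xml_text)


# Endpoints named in the record; used only to annotate a hit, never to decide it.
WATCHED_PATHS = ("RSSReader", "/api/rest/filingAssistant/v2/action")


def flag_request(record: dict) -> Optional[dict]:
    """Inspect one request record (constructed shape: method, path, query, body).
    Any XML found in the body or in a query parameter value is checked for DTD usage."""
    candidates = []
    body = record.get("body", "")
    if body.lstrip().startswith("<"):
        candidates.append(("body", body))
    for name, values in parse_qs(record.get("query", "")).items():
        for value in values:
            if value.lstrip().startswith("<"):
                candidates.append((f"query:{name}", value))
    hits = [f"{where}: {f}" for where, text in candidates for f in inspect_dtd(text)]
    if not hits:
        return None
    return {
        "path": record["path"],
        "watched_endpoint": any(p in record["path"] for p in WATCHED_PATHS),
        "findings": hits,
    }


def scan_requests(records: list) -> list:
    """Run flag_request over a batch of records and keep only the hits."""
    return [hit for hit in map(flag_request, records) if hit]


# Constructed sample documents and traffic (hypothetical, not captured data).
XXE_DOC = ('<?xml version="1.0"?><!DOCTYPE r [<!ENTITY ext SYSTEM "file:///etc/hostname">]>'
           '<r>&ext;</r>')
BOMB_DOC = '<!DOCTYPE r [<!ENTITY a "aaaa">]><r>&a;</r>'  # internal entity only
CLEAN_DOC = "<r><item>hello</item></r>"
SAMPLE_REQUESTS = [
    {"method": "GET", "path": "/RSSReader", "query": "feed=" + quote(XXE_DOC), "body": ""},
    {"method": "GET", "path": "/RSSReader", "query": "feed=https://example.invalid/news.xml", "body": ""},
    {"method": "POST", "path": "/api/rest/filingAssistant/v2/action", "query": "", "body": XXE_DOC},
    {"method": "POST", "path": "/api/rest/filingAssistant/v2/action", "query": "", "body": CLEAN_DOC},
]

if __name__ == "__main__":
    for hit in scan_requests(SAMPLE_REQUESTS):
        print(hit["path"], hit["findings"])
    for doc in (XXE_DOC, BOMB_DOC):
        try:
            safe_parse(doc)
        except DtdRejected as err:
            print("rejected:", err)
    print("parsed root:", safe_parse(CLEAN_DOC).tag)
```

`safe_parse` rejects every DTD, including one that only declares internal entities, because the mitigation in the record calls for disabling DTDs altogether rather than only external entities; a feed reader or upload handler that genuinely needs a DTD would instead allow-list the specific public identifiers it accepts. On the detection side the inspector looks at what the XML declares rather than matching a fixed payload string, so percent-encoded XML in a `feed` parameter and XML in a POST body are handled the same way.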