CVE-2025-48006
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-29

Last updated on: 2025-10-14

Assigner: JPCERT/CC

Description
Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service (DoS) condition may occur.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-29
Last Modified
2025-10-14
Generated
2026-06-16
AI Q&A
2025-09-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-48006
EUVD
EUVD-2025-31559
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
saison dataspider_servista to 4.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-611 The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-48006 is a vulnerability in DataSpider Servista version 4.4 and earlier caused by improper restriction of XML external entity (XXE) references. An attacker can send specially crafted XML requests that exploit this flaw to read arbitrary files on the server's file system or cause a denial-of-service (DoS) condition. [1]

Impact Analysis

This vulnerability can impact you by allowing an attacker to access sensitive files on the server where DataSpider Servista is installed, potentially exposing confidential information. Additionally, it can cause a denial-of-service (DoS) condition, disrupting the availability of the service. [1]

Mitigation Strategies

To mitigate this vulnerability, users are advised to update DataSpider Servista to the latest version provided by the developer. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-48006. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart