CVE-2025-48006
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-14
Assigner: JPCERT/CC
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| saison | dataspider_servista | up to and including 4.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48006 is a vulnerability in DataSpider Servista version 4.4 and earlier caused by improper restriction of XML external entity (XXE) references. An attacker can send specially crafted XML requests that exploit this flaw to read arbitrary files on the server's file system or cause a denial-of-service (DoS) condition. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to access sensitive files on the server where DataSpider Servista is installed, potentially exposing confidential information. Additionally, it can cause a denial-of-service (DoS) condition, disrupting the availability of the service. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users are advised to update DataSpider Servista to the latest version provided by the developer. [1]