CVE-2025-48006
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-48006, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-09-29

Last updated on: 2025-10-14

Assigner: JPCERT/CC

Description

Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service (DoS) condition may occur.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-09-29
Last Modified
2025-10-14
Generated
2026-07-06
AI Q&A
2025-09-29
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
saison dataspider_servista to 4.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-611 The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-48006 is a vulnerability in DataSpider Servista version 4.4 and earlier caused by improper restriction of XML external entity (XXE) references. An attacker can send specially crafted XML requests that exploit this flaw to read arbitrary files on the server's file system or cause a denial-of-service (DoS) condition. [1]

Impact Analysis

This vulnerability can impact you by allowing an attacker to access sensitive files on the server where DataSpider Servista is installed, potentially exposing confidential information. Additionally, it can cause a denial-of-service (DoS) condition, disrupting the availability of the service. [1]

Mitigation Strategies

To mitigate this vulnerability, users are advised to update DataSpider Servista to the latest version provided by the developer. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-48006. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart