CVE Catalog

CVE-2025-14543

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

The vulnerability related to improper restriction of XML external entity reference in RTI Connext Professional allows serialized data external linking. This affects Connext Professional versions from 7.4.0 before 7.7.0 and other specified versions.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized access to data and potential information leakage, posing a serious security threat to the organization.

Recommendation

It is recommended to upgrade to the latest version of RTI Connext Professional to eliminate this vulnerability and minimize security risks.

Original NVD description (English source)

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS