CVE-2025-14543
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
The vulnerability related to improper restriction of XML external entity reference in RTI Connext Professional allows serialized data external linking. This affects Connext Professional versions from 7.4.0 before 7.7.0 and other specified versions.
Risk Assessment
Exploitation of this vulnerability may lead to unauthorized access to data and potential information leakage, posing a serious security threat to the organization.
Recommendation
It is recommended to upgrade to the latest version of RTI Connext Professional to eliminate this vulnerability and minimize security risks.
Original NVD description (English source)
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.

