CVE-2025-4639

CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0.

CVSS

No CVSS.

References

Link	Resource
https://github.com/Peergos/Peergos/pull/1267

Configurations

No configuration.

History

16 May 2025, 14:43

Type	Values Removed	Values Added
Summary		(es) CWE-611 Restricción incorrecta de la referencia a entidad externa XML en el método getDocumentBuilder() del servlet WebDav en Peergos. Este problema afecta a Peergos hasta la versión 1.1.0.

14 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-14 18:15

Updated : 2025-05-16 14:43

NVD link : CVE-2025-4639

Mitre link : CVE-2025-4639

CVE.ORG link : CVE-2025-4639

JSON object : View

Products Affected

No product.

CWE

CWE-611

Improper Restriction of XML External Entity Reference

Show plain JSON

{"id": "CVE-2025-4639", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-14T18:15:33.733", "references": [{"url": "https://github.com/Peergos/Peergos/pull/1267", "source": "cve_disclosure@tech.gov.sg"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0."}, {"lang": "es", "value": "CWE-611 Restricci\u00f3n incorrecta de la referencia a entidad externa XML en el m\u00e9todo getDocumentBuilder() del servlet WebDav en Peergos. Este problema afecta a Peergos hasta la versi\u00f3n 1.1.0."}], "lastModified": "2025-05-16T14:43:56.797", "sourceIdentifier": "cve_disclosure@tech.gov.sg"}

{

id : CVE-2025-4639 (string)

cveTags : [ *empty* ]

metrics : { »

cvssMetricV40 : [ »

0 : { »

type : Secondary (string)

source : cve_disclosure@tech.gov.sg (string)

cvssData : { »

Safety : NOT_DEFINED (string)

version : 4.0 (string)

Recovery : NOT_DEFINED (string)

baseScore : 8.8 (number)

Automatable : NOT_DEFINED (string)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

exploitMaturity : NOT_DEFINED (string)

providerUrgency : NOT_DEFINED (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

attackRequirements : NONE (string)

privilegesRequired : NONE (string)

subIntegrityImpact : NONE (string)

vulnIntegrityImpact : NONE (string)

integrityRequirement : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

subAvailabilityImpact : NONE (string)

vulnAvailabilityImpact : LOW (string)

availabilityRequirement : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

subConfidentialityImpact : LOW (string)

vulnConfidentialityImpact : HIGH (string)

confidentialityRequirement : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubIntegrityImpact : NOT_DEFINED (string)

modifiedVulnIntegrityImpact : NOT_DEFINED (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

modifiedSubAvailabilityImpact : NOT_DEFINED (string)

modifiedVulnAvailabilityImpact : NOT_DEFINED (string)

modifiedSubConfidentialityImpact : NOT_DEFINED (string)

modifiedVulnConfidentialityImpact : NOT_DEFINED (string)

}

]

}

published : 2025-05-14T18:15:33.733 (string)

references : [ »

0 : { »

url : https://github.com/Peergos/Peergos/pull/1267 (string)

source : cve_disclosure@tech.gov.sg (string)

}

]

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

type : Secondary (string)

source : cve_disclosure@tech.gov.sg (string)

description : [ »

0 : { »

lang : en (string)

value : CWE-611 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0. (string)

}

1 : { »

lang : es (string)

value : CWE-611 Restricción incorrecta de la referencia a entidad externa XML en el método getDocumentBuilder() del servlet WebDav en Peergos. Este problema afecta a Peergos hasta la versión 1.1.0. (string)

}

]

lastModified : 2025-05-16T14:43:56.797 (string)

sourceIdentifier : cve_disclosure@tech.gov.sg (string)

}

CVE-2025-4639

JSON object

Attach tags to CVE-2025-4639

Attach tags to `CVE-2025-4639`