CVE-2023-25955

Summary

National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.

Affected Software

VendorProductVersion RangeStatus
Ministry of Land, Infrastructure, Transport and Tourism, JapanNational land numerical information data conversion toolall versionsaffected

Weaknesses

  • Improper restriction of XML external entity reference (XXE)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References