CVE-2025-48006

Summary

Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service (DoS) condition may occur.

Affected Software

VendorProductVersion RangeStatus
Saison Technology Co.,Ltd.DataSpider Servista4.4 and earlieraffected

Weaknesses

  • CWE-611: Improper restriction of XML external entity reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References