Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for open-kilda by telstra

    CVE-2025-54992 (GCVE-0-2025-54992)

    Vulnerability from nvd – Published: 2025-08-11 21:34 – Updated: 2025-08-12 15:44
    VLAI
    Title
    OpenKilda XXE in SAML configuration
    Summary
    OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    telstra open-kilda Affected: < 1.164.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54992",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:44:16.451111Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T15:44:24.225Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "open-kilda",
              "vendor": "telstra",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.164.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-11T21:34:48.750Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7"
            },
            {
              "name": "https://github.com/telstra/open-kilda/pull/5778",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/telstra/open-kilda/pull/5778"
            },
            {
              "name": "https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e"
            }
          ],
          "source": {
            "advisory": "GHSA-43rg-6r66-6hr7",
            "discovery": "UNKNOWN"
          },
          "title": "OpenKilda XXE in SAML configuration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-54992",
        "datePublished": "2025-08-11T21:34:48.750Z",
        "dateReserved": "2025-08-04T17:34:24.420Z",
        "dateUpdated": "2025-08-12T15:44:24.225Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-54992 (GCVE-0-2025-54992)

    Vulnerability from cvelistv5 – Published: 2025-08-11 21:34 – Updated: 2025-08-12 15:44
    VLAI
    Title
    OpenKilda XXE in SAML configuration
    Summary
    OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    telstra open-kilda Affected: < 1.164.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54992",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:44:16.451111Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T15:44:24.225Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "open-kilda",
              "vendor": "telstra",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.164.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-11T21:34:48.750Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7"
            },
            {
              "name": "https://github.com/telstra/open-kilda/pull/5778",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/telstra/open-kilda/pull/5778"
            },
            {
              "name": "https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e"
            }
          ],
          "source": {
            "advisory": "GHSA-43rg-6r66-6hr7",
            "discovery": "UNKNOWN"
          },
          "title": "OpenKilda XXE in SAML configuration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-54992",
        "datePublished": "2025-08-11T21:34:48.750Z",
        "dateReserved": "2025-08-04T17:34:24.420Z",
        "dateUpdated": "2025-08-12T15:44:24.225Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }