FKIE_CVE-2025-31497
Vulnerability from fkie_nvd - Published: 2025-04-15 20:15 - Updated: 2026-04-15 00:35
Summary
TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. The Document Conversion Service contains a critical XML External Entity (XXE) Injection vulnerability in its document conversion functionality. The service processes XML files during the conversion process but fails to disable external entity processing, allowing an attacker to read arbitrary files from the server's filesystem. This vulnerability could allow attackers to read sensitive files from the server's filesystem, potentially exposing configuration files, credentials, or other confidential information. Additionally, depending on the server configuration, this could potentially be used to perform server-side request forgery (SSRF) attacks by making the server connect to internal services. This issue is patched in version 1.2.4. A workaround for this vulnerability includes disabling external entity processing in the XML parser by setting the appropriate security features (e.g., XMLConstants.FEATURE_SECURE_PROCESSING).
```json
{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. The Document Conversion Service contains a critical XML External Entity (XXE) Injection vulnerability in its document conversion functionality. The service processes XML files during the conversion process but fails to disable external entity processing, allowing an attacker to read arbitrary files from the server\u0027s filesystem. This vulnerability could allow attackers to read sensitive files from the server\u0027s filesystem, potentially exposing configuration files, credentials, or other confidential information. Additionally, depending on the server configuration, this could potentially be used to perform server-side request forgery (SSRF) attacks by making the server connect to internal services. This issue is patched in version 1.2.4. A workaround for this vulnerability includes disabling external entity processing in the XML parser by setting the appropriate security features (e.g., XMLConstants.FEATURE_SECURE_PROCESSING)."
    },
    {
      "lang": "es",
      "value": "TEIGarage es un servicio web y RESTful para transformar, convertir y validar diversos formatos, centr\u00e1ndose en el formato TEI. El Servicio de Conversi\u00f3n de Documentos contiene una vulnerabilidad cr\u00edtica de inyecci\u00f3n de entidades externas XML (XXE) en su funcionalidad de conversi\u00f3n. El servicio procesa archivos XML durante el proceso de conversi\u00f3n, pero no deshabilita el procesamiento de entidades externas, lo que permite a un atacante leer archivos arbitrarios del sistema de archivos del servidor. Esta vulnerabilidad podr\u00eda permitir a los atacantes leer archivos confidenciales del sistema de archivos del servidor, exponiendo potencialmente archivos de configuraci\u00f3n, credenciales u otra informaci\u00f3n confidencial. Adem\u00e1s, dependiendo de la configuraci\u00f3n del servidor, esto podr\u00eda utilizarse para realizar ataques de server-side request forgery (SSRF) al hacer que el servidor se conecte a servicios internos. Este problema est\u00e1 corregido en la versi\u00f3n 1.2.4. Un workaround para esta vulnerabilidad consiste en deshabilitar el procesamiento de entidades externas en el analizador XML mediante la configuraci\u00f3n de las funciones de seguridad adecuadas (p. ej., XMLConstants.FEATURE_SECURE_PROCESSING)."
    }
  ],
  "id": "CVE-2025-31497",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-15T20:15:39.270",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/TEIC/TEIGarage/security/advisories/GHSA-w2hq-3cjc-2x55"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}
```
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.