CVSS 9.1 · CRITICAL

CVE-2025-14543

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.

Analysis

RTI Connext is a specialized real-time middleware used primarily in industrial IoT, robotics, and defense sectors rather than common web or mobile development. While the XXE vulnerability is critical, the product is not part of the standard open-source stack or common enterprise tools used by this community.

Severity

Score: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: HIGH
Weakness type (CWE): CWE-611

EPSS

Exploitation probability (next 30 days): 0.0003 (0.0%)
Percentile: 8.8%
EPSS: 2026-05-06

Affects

rti:connext_professional

Technical description

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.

Published: 30/4/2026, 16:16:40
Last modified: 4/5/2026, 13:02:38
