Medium severity4.3NVD Advisory· Published Feb 17, 2025· Updated Apr 15, 2026

CVE-2024-25066

Description

RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

community.rsa.com/s/advisoriesnvd
community.rsa.com/s/article/RSA-Authentication-Manager-8-7-SP2-Patch-1-Readmenvd
github.com/KaiwenTM/CVE_POC/blob/main/CVE-2024-25066.txtnvd
www.rsa.com/en-us/company/vulnerability-response-policynvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000