VYPR
Medium severity4.9NVD Advisory· Published Mar 5, 2025· Updated Apr 15, 2026

CVE-2025-24521

CVE-2025-24521

Description

External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.