Medium severity4.9NVD Advisory· Published Mar 5, 2025· Updated Apr 15, 2026
CVE-2025-24521
CVE-2025-24521
Description
External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.