Unrated severityNVD Advisory· Published Sep 29, 2025· Updated Sep 29, 2025

CVE-2025-48006

Description

Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service (DoS) condition may occur.

Affected products

DataSpider/Servistallm-create
Range: <=4.4
Saison Technology Co.,Ltd./DataSpider Servistav5
Range: 4.4 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN23423519/mitre
www.hulft.com/application/files/1217/5885/0217/information_20250926.pdfmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000