2 vulnerabilities found for open-kilda by telstra
CVE-2025-54992 (GCVE-0-2025-54992)
Vulnerability from cvelistv5 – Published: 2025-08-11 21:34 – Updated: 2025-08-12 15:44
Title
OpenKilda XXE in SAML configuration
Summary
OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.
Severity
- 6.9 MEDIUM (CVSS 4.0) – CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
- GitHub_M
References
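| URL | Tags |
|---|---|
| https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7 | x_refsource_CONFIRM |
| https://github.com/telstra/open-kilda/pull/5778 | x_refsource_MISC |
| https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e | x_refsource_MISC |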
Impacted products
| Vendor | Product | Version |
|---|---|---|
| telstra | open-kilda | Affected: < 1.164.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:44:16.451111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:44:24.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "open-kilda",
"vendor": "telstra",
"versions": [
{
"status": "affected",
"version": "\u003c 1.164.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T21:34:48.750Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7"
},
{
"name": "https://github.com/telstra/open-kilda/pull/5778",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/telstra/open-kilda/pull/5778"
},
{
"name": "https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e"
}
],
"source": {
"advisory": "GHSA-43rg-6r66-6hr7",
"discovery": "UNKNOWN"
},
"title": "OpenKilda XXE in SAML configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54992",
"datePublished": "2025-08-11T21:34:48.750Z",
"dateReserved": "2025-08-04T17:34:24.420Z",
"dateUpdated": "2025-08-12T15:44:24.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54992 (GCVE-0-2025-54992)
Vulnerability from nvd – Published: 2025-08-11 21:34 – Updated: 2025-08-12 15:44
Title
OpenKilda XXE in SAML configuration
Summary
OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.
Severity
- 6.9 MEDIUM (CVSS 4.0) – CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
- GitHub_M
References
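| URL | Tags |
|---|---|
| https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7 | x_refsource_CONFIRM |
| https://github.com/telstra/open-kilda/pull/5778 | x_refsource_MISC |
| https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e | x_refsource_MISC |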
Impacted products
| Vendor | Product | Version |
|---|---|---|
| telstra | open-kilda | Affected: < 1.164.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:44:16.451111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:44:24.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "open-kilda",
"vendor": "telstra",
"versions": [
{
"status": "affected",
"version": "\u003c 1.164.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T21:34:48.750Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7"
},
{
"name": "https://github.com/telstra/open-kilda/pull/5778",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/telstra/open-kilda/pull/5778"
},
{
"name": "https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e"
}
],
"source": {
"advisory": "GHSA-43rg-6r66-6hr7",
"discovery": "UNKNOWN"
},
"title": "OpenKilda XXE in SAML configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54992",
"datePublished": "2025-08-11T21:34:48.750Z",
"dateReserved": "2025-08-04T17:34:24.420Z",
"dateUpdated": "2025-08-12T15:44:24.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}