CWE-611 (XML外部实体引用的不恰当限制(XXE)) — Vulnerability Class 417

417 vulnerabilities classified as CWE-611 (XML外部实体引用的不恰当限制(XXE)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-68280	Apache SIS: XML External Entity (XXE) vulnerability — Apache SIS	5.3	-	2026-01-05
CVE-2025-15251	beecue FastBee SIP Message ReqAbstractHandler.java getRootElement xml external entity reference — FastBee	5.6	Medium	2025-12-30
CVE-2019-25253	KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection — KYOCERA Net Admin	7.5	High	2025-12-24
CVE-2018-25142	NovaRad NovaPACS Diagnostics Viewer 8.5 XML External Entity Injection — NovaPACS Diagnostics Viewer	9.8	Critical	2025-12-24
CVE-2024-58335	OpenXRechnungToolbox 代码问题漏洞 — OpenXRechnungToolbox	5.0	Medium	2025-12-24
CVE-2025-68463	biopython 代码问题漏洞 — Biopython	4.9	Medium	2025-12-18
CVE-2025-61813	ColdFusion \| Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) — ColdFusion	8.2	High	2025-12-09
CVE-2025-61821	ColdFusion \| Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) — ColdFusion	6.8	Medium	2025-12-09
CVE-2025-61823	ColdFusion \| Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) — ColdFusion	6.2	Medium	2025-12-09
CVE-2025-66516	Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected — Apache Tika core	8.4	High	2025-12-04
CVE-2025-66370	kivitendo-erp 代码问题漏洞 — kivitendo	5.0	Medium	2025-11-28
CVE-2025-66372	Mustangproject 代码问题漏洞 — Mustang	2.8	Low	2025-11-28
CVE-2025-66371	Peppol-py 代码问题漏洞 — Peppol-py	5.0	Medium	2025-11-28
CVE-2025-58360	GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature — geoserver	8.2	High	2025-11-25
CVE-2025-13209	bestfeng oa_git_free WorkflowPredefineController.java updateWriteBack xml external entity reference — oa_git_free	6.3	Medium	2025-11-15
CVE-2025-11700	N-central Multiple XXE Injection Vulnerabilities — N-central	7.5	-	2025-11-12
CVE-2025-64518	CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection — cyclonedx-core-java	7.5	High	2025-11-10
CVE-2025-10713	XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration — WSO2 Enterprise Integrator	6.5	Medium	2025-11-05
CVE-2025-12531	IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability — InfoSphere Information Server	7.1	High	2025-11-03
CVE-2025-46425	Dell Storage Manager和Dell Storage Center 代码问题漏洞 — Dell Storage Manager	6.5	Medium	2025-10-24
CVE-2025-6985	XXE Vulnerability in langchain-ai/langchain — langchain-ai/langchain	7.5^AI	High^AI	2025-10-06
CVE-2025-11341	Jinher OA type xml external entity reference — OA	7.3	High	2025-10-06
CVE-2025-48006	Ashisuto DataSpider Servista 代码问题漏洞 — DataSpider Servista	9.1^AI	Critical^AI	2025-09-29
CVE-2025-11140	Bjskzy Zhiyou ERP com.artery.richclient.RichClientService openForm xml external entity reference — Zhiyou ERP	7.3	High	2025-09-29
CVE-2025-11035	Jinher OA text xml external entity reference — OA	6.3	Medium	2025-09-26
CVE-2025-10816	Jinher OA XML text xml external entity reference — OA	7.3	High	2025-09-22
CVE-2025-10183	XML External Entity Injection in TecConnect 4.1 — TecConnect	9.1	Critical	2025-09-09
CVE-2025-10092	Jinher OA XML Type xml external entity reference — OA	7.3	High	2025-09-08
CVE-2025-10091	Jinher OA XML Type xml external entity reference — OA	7.3	High	2025-09-08
CVE-2023-7307	Sangfor Behavior Management System XML External Entity Injection — Sangfor Behavior Management System (DC Management System)	9.8^AI	Critical^AI	2025-08-27

Vulnerabilities classified as CWE-611 (XML外部实体引用的不恰当限制(XXE)) represent 417 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-611 (XML外部实体引用的不恰当限制(XXE)) — Vulnerability Class 417