CVE-2025-10183 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary…
Critical CVSS: 9.1

CVE-2025-10183

A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCom Connect 5.
Vendor
-
Product
-
CWE
CWE-611
Yayın Tarihi
2025-09-09 15:15:32
Güncelleme
2025-09-09 16:28:43
Source Identifier
cves@blacklanternsecurity.com
KEV Date Added
-

Kategoriler

CWE-611 CRITICAL 2025

Referanslar

https://blog.blacklanternsecurity.com/p/teccom-tecconnect-41-xml-external