CVE-2025-66370
Kivitendo before 3.9.2 is vulnerable to XML External Entity (XXE) injection. By uploading an electronic invoice in the ZUGFeRD format whose XML declares an external entity, an attacker can read and exfiltrate files from the server's filesystem.
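The following is an added example, not Kivitendo's code and not taken from the referenced commits. It shows the mechanism behind this entry on the XML part of a ZUGFeRD invoice (the file embedded in the PDF/A-3 container, or an XML file uploaded on its own): an invoice whose document number is an external entity is parsed once by a parser that resolves file:// entities, emulating a vulnerable configuration, and once by a parser that refuses any DOCTYPE, entity declaration or external reference. The element names follow the UN/CEFACT CII syntax ZUGFeRD 2.x uses; the "secret" file, its contents and the invoice number are constructed for the example, and the file:// handling assumes POSIX paths.

```python
"""XXE via an uploaded ZUGFeRD/CII invoice: vulnerable parse vs. hardened parse.

Added example built on Python's expat binding; it is not the Kivitendo
implementation. The vulnerable path installs an ExternalEntityRefHandler that
fetches file:// entities; the hardened path rejects DTDs outright.
"""
import os
import tempfile
import xml.parsers.expat as expat

# CII namespaces used by ZUGFeRD 2.x / Factur-X invoice XML.
NS_RSM = "urn:un:unece:uncefact:data:standard:CrossIndustryInvoice:100"
NS_RAM = "urn:un:unece:uncefact:data:standard:ReusableAggregateBusinessInformationEntity:100"


class UnsafeInvoiceXML(ValueError):
    """Raised when an uploaded invoice carries a DTD, entity or external reference."""


def make_invoice(id_text, doctype=""):
    """Minimal CII invoice body (constructed sample, not a complete ZUGFeRD file)."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f"{doctype}"
        f'<rsm:CrossIndustryInvoice xmlns:rsm="{NS_RSM}" xmlns:ram="{NS_RAM}">\n'
        "  <rsm:ExchangedDocument>\n"
        f"    <ram:ID>{id_text}</ram:ID>\n"
        "  </rsm:ExchangedDocument>\n"
        "</rsm:CrossIndustryInvoice>\n"
    ).encode("utf-8")


def make_xxe_payload(path):
    """Invoice whose document number is an external entity pointing at a server file."""
    doctype = (
        "<!DOCTYPE rsm:CrossIndustryInvoice [\n"
        f'  <!ENTITY xxe SYSTEM "file://{path}">\n'
        "]>\n"
    )
    return make_invoice("&xxe;", doctype)


def parse_invoice_id(data, hardened=True):
    """Return the text of rsm:ExchangedDocument/ram:ID, i.e. the invoice number."""
    parser = expat.ParserCreate()
    stack = []        # open element names, outermost first
    collected = []    # character data seen inside the ID element

    def start(name, attrs):
        stack.append(name)

    def end(name):
        stack.pop()

    def chars(text):
        if stack[-2:] == ["rsm:ExchangedDocument", "ram:ID"]:
            collected.append(text)

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars

    if hardened:
        # An invoice never needs a DTD: refuse at the first sign of one, and refuse
        # entity declarations and external references as defence in depth.
        def refuse_doctype(name, sysid, pubid, has_internal_subset):
            raise UnsafeInvoiceXML("DOCTYPE is not allowed in an invoice upload")

        def refuse_entity(name, is_param, value, base, sysid, pubid, notation):
            raise UnsafeInvoiceXML(f"entity declaration {name!r} is not allowed")

        def refuse_external(context, base, sysid, pubid):
            raise UnsafeInvoiceXML(f"external entity {sysid!r} refused")

        parser.StartDoctypeDeclHandler = refuse_doctype
        parser.EntityDeclHandler = refuse_entity
        parser.ExternalEntityRefHandler = refuse_external
    else:
        # Vulnerable behaviour: read whatever the DTD points at and splice it into
        # the document, so the file contents become the "invoice number".
        def fetch_external(context, base, sysid, pubid):
            sub = parser.ExternalEntityParserCreate(context)
            with open(sysid[len("file://"):], "rb") as fh:   # POSIX path assumed
                sub.Parse(fh.read(), True)
            return 1

        parser.ExternalEntityRefHandler = fetch_external

    parser.Parse(data, True)
    return "".join(collected).strip()


def demo():
    """Run both parsers over a benign and an XXE invoice; return the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "secret.conf")   # constructed stand-in for a server file
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("db_password=hunter2\n")
        benign = make_invoice("INV-2025-0042")
        evil = make_xxe_payload(secret)
        result = {
            "benign_hardened": parse_invoice_id(benign, hardened=True),
            "benign_vulnerable": parse_invoice_id(benign, hardened=False),
            "vulnerable_leaks": parse_invoice_id(evil, hardened=False),
        }
        try:
            parse_invoice_id(evil, hardened=True)
            result["hardened_blocked"] = False
        except UnsafeInvoiceXML as exc:
            result["hardened_blocked"] = True
            result["reason"] = str(exc)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened parser fails closed at the DOCTYPE rather than trying to sanitise entity values, which is the check to apply to any ZUGFeRD or other XML upload: a real invoice carries no DTD, so there is nothing legitimate to lose by refusing one. If the application uses a libxml2-based parser instead of expat, the equivalent is to disable entity expansion and external DTD loading in the parser options; a textual scan for "<!DOCTYPE" is not a substitute, because it can be defeated by encoding tricks.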
Vendor
-
Product
-
CWE
Published
2025-11-28 04:16:01
Updated
2026-01-15 07:16:04
Source Identifier
cve@mitre.org
KEV Date Added
-
Categories
References
https://blog.kivitendo.de/?p=1415
https://github.com/kivitendo/kivitendo-erp/blob/fd3f993fc731cbcaa5eb87d55df7c82df4df9c09/doc/changelog
https://github.com/kivitendo/kivitendo-erp/commit/1286dee72f9919166178d0cdb5f52f13b0f7d4de
https://github.com/kivitendo/kivitendo-erp/commit/f6ba56bd8d22a428534057589baace6b7bfdf2e9
https://invoice.secvuln.info