CVE-2025-66371 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the files…
Medium CVSS: 5.0

CVE-2025-66371

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host.
Vendor
-
Product
-
CWE
CWE-611
Yayın Tarihi
2025-11-28 04:16:01
Güncelleme
2026-01-27 17:16:09
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-611 MEDIUM 2025

Referanslar

https://github.com/iterasdev/peppol-py/commit/349a4bff8adb6205ea411bac8d7a06da0477abd7 https://github.com/iterasdev/peppol-py/pull/16 https://github.com/iterasdev/peppol-py/releases/tag/1.1.1 https://invoice.secvuln.info