CVE-2025-52162

Severity CVSS v4.0:
Pending analysis
Type:
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Publication date:
18/07/2025
Last modified:
22/07/2025

Description

agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input.