Improper Restriction of XML External Entity Reference vulnerability in Connext...

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Description

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.

AI Analysis

XML External Entity (XXE) vulnerability in Connext Professional Core Libraries allowing external entity references, potentially leading to data exposure.

Basic Information

ID CVE-2025-14543

Source RTI

Published Apr 30, 2026 at 15:25

Affected Product

Vendor RTI

Product Connext Professional

Version 7.4.0

Affected Versions RTI Connext Professional 7.4.0
RTI Connext Professional 7.0.0
RTI Connext Professional 6.1.0
RTI Connext Professional 6.0.0
RTI Connext Professional 5.3.0
RTI Connext Professional 4.3x

CWE Classification

CWE-611

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor RTI

Product Connext Professional

Version 7.4.0, 7.0.0, 6.1.0, 6.0.0, 5.3.0, 4.3x

References

www.rti.com /vulnerabilities/

{
    "lastseen": "",
    "description": "Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.",
    "published": "2026-04-30T15:25:10.180Z",
    "modified": "2026-04-30T15:25:10.180Z",
    "type": "cve",
    "title": "Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.",
    "source": "RTI",
    "references": "https://www.rti.com/vulnerabilities/#cve-2025-14543",
    "id": "CVE-2025-14543",
    "bulletinFamily": "",
    "cwe": [
        "CWE-611"
    ],
    "cvelist": null,
    "sourceData": "RTI Connext Professional 7.4.0\nRTI Connext Professional 7.0.0\nRTI Connext Professional 6.1.0\nRTI Connext Professional 6.0.0\nRTI Connext Professional 5.3.0\nRTI Connext Professional 4.3x",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Connext Professional",
    "version": "7.4.0",
    "vendor": "RTI",
    "ai_description": "XML External Entity (XXE) vulnerability in Connext Professional Core Libraries allowing external entity references, potentially leading to data exposure.",
    "ai_severity": "High",
    "ai_vendor": "RTI",
    "ai_product": "Connext Professional",
    "ai_version": "7.4.0, 7.0.0, 6.1.0, 6.0.0, 5.3.0, 4.3x",
    "ai_score": 8.8
}

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking._CVE-2025-14543