Update Akamai CloudTest XML External Entity Injection Vulnerability (CVE-2025-49493).md

Goby 2025-07-01 18:54:49 +08:00 committed by GitHub
parent 0341546951
commit a3d8b98922
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -5,7 +5,7 @@
| :----: | :-----|
| **Chinese name** |Akamai CloudTest /concerto/services/RepositoryService XML外部实体注入漏洞CVE-2025-49493 |
| **CVSS core** | 8.0 |
| **FOFA Query** (click to view the results directly)| [(title="Akamai CloudTest" || body="/imageMaster.png") || (body="Akamai CloudTest build" && body="collector component version")]
| **FOFA Query** (click to view the results directly)| (title="Akamai CloudTest"||body="/imageMaster.png")||(body="Akamai CloudTest build" && body="collector component version")
| **Number of assets affected** | 5600+ |
| **Description** |Akamai CloudTest is a cloud service product used for testing and optimizing website performance. The SOAP endpoint in the product (e.g., /concerto/services/RepositoryService) contains an XML External Entity (XXE) injection vulnerability. Due to improper disabling of DTD processing, attackers can read sensitive files on the server (e.g., /etc/passwd) through carefully crafted XML requests. |
| **Impact** | This vulnerability is low in exploitation difficulty but severe in impact, allowing attackers to steal sensitive system information. Enterprises are advised to immediately apply the latest patch provided by Akamai to mitigate the risk.|
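
Review bot: the new FOFA Query row places the raw query, with its `||` operators, directly inside a pipe-delimited table cell, so a Markdown table renderer will treat each `|` as a column break and the query will not display intact; escape every pipe in the query as `\|`. The row label still says "(click to view the results directly)", but the cell carries no URL on either side of this change, so either add the actual link target or drop the parenthetical. The row also still has no closing `|`, unlike the Description and Impact rows, and the spacing is now inconsistent (`||` unspaced, `&&` spaced). While touching this table, "CVSS core" in the context line above looks like a typo for "CVSS score".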