Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-47293

Good to know:

icon
icon

Date: June 19, 2025

PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity (XXE) attack and to a server-side request forgery (SSRF) attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive files on the system. The vulnerable class is com.powsybl.commons.xml.XmlReader which is considered to be untrusted in use cases where untrusted users can submit their XML to the vulnerable methods. This can be a multi-tenant application that hosts many different users perhaps with different privilege levels. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2.

Severity Score

Related Resources (6)

https://nvd.nist.gov/vuln/detail/CVE-2025-47293
https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc
https://github.com/powsybl/powsybl-core
https://github.com/powsybl/powsybl-core/security/advisories/GHSA-qpj9-qcwx-8jv2
https://github.com/powsybl/powsybl-core/releases/tag/v6.7.2
https://www.mend.io/vulnerability-database/CVE-2025-47293

Severity Score

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference

CWE-611

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

icon

Upgrade Version

Upgrade to version com.powsybl:powsybl-commons:6.7.2;com.powsybl:powsybl-commons:6.7.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us