- Description: An attacker with access to HX 10.0.0 and previous versions may send specially crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process, thus causing a Denial of Service.
- Source: trellixpsirt@trellix.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 5.9
- Impact score: 3.6
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: MEDIUM
- trellixpsirt@trellix.com: CWE-776
- Hype score: Not currently trending
New post from https://t.co/uXvPWJy6tj (CVE-2025-0617 | Trellix HX Console 5.1.1 Data xml entity expansion) has been published on https://t.co/aMJAbN1xWI
@WolfgangSesin
29 Jan 2025
CVE-2025-0617 An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file pars… https://t.co/B986LCLKIq
@CVEnew
29 Jan 2025