XML External Entity Vulnerability in RSA Authentication Manager
CVE-2024-25066
4.3 MEDIUM
Summary
RSA Authentication Manager prior to version 8.7 SP2 Patch 1 is susceptible to XML External Entity (XXE) attacks. An attacker can manipulate license files in a way that permits unauthorized access to files on the server hosting the product. Although data exfiltration is not possible, the presence of attacker-controlled files can lead to unauthorized information exposure and integrity issues, posing serious risks to the overall security posture of the affected systems.
Affected Version(s)
Authentication Manager 0 < 8.7 SP2 Patch 1
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved