XML Parsing Vulnerability in PowSyBl Framework by powSyBl
CVE-2025-47293

2.7 LOW

Key Information:

Vendor: Powsybl
CVE Published: 19 June 2025

What is CVE-2025-47293?

The PowSyBl Framework is susceptible to XML external entity (XXE) and server-side request forgery (SSRF) attacks in versions prior to 6.7.2. Malicious users can exploit vulnerabilities in the XML parsing methods of the powsybl-core component, leading to unauthorized file access and privilege escalation. The issue primarily affects multi-tenant applications in which untrusted users can submit XML content. The vulnerabilities are fixed in version 6.7.2.

Affected Version(s)

powsybl-core < 6.7.2

CVSS V4

Score: 2.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
