Security Advisory

CVE-2025-10183

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-09 14:50:22

Last updated 2025-09-09 15:14:59

Assigner BLSOPS

State PUBLISHED

Description

A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCom Connect 5.

← Browse all CVEs View on cve.org ↗