CVE-2023-25955

Name of the Vulnerable Software and Affected Versions National land numerical information data conversion tool all versions

Description The issue is related to the improper restriction of XML external entity references (XXE) in the National land numerical information data conversion tool. This allows an attacker to access arbitrary files on a PC by processing a specially crafted XML file.

Recommendations For all versions, consider disabling XML external entity references or restricting access to sensitive files as a temporary workaround until a patch is available. Avoid using the tool to process untrusted XML files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.