CVE-2025-31497

Name of the Vulnerable Software and Affected Versions TEIGarage versions prior to 1.2.4

Description The Document Conversion Service in TEIGarage contains a critical XML External Entity (XXE) Injection issue in its document conversion functionality. This allows an attacker to read arbitrary files from the server's filesystem, potentially exposing configuration files, credentials, or other confidential information. Depending on the server configuration, this could also be used to perform server-side request forgery (SSRF) attacks.

Recommendations For versions prior to 1.2.4, update to version 1.2.4 to resolve the issue. As a temporary workaround, consider disabling external entity processing in the XML parser by setting the appropriate security features, such as XMLConstants.FEATURE SECURE PROCESSING.