PT-2025-32588 · Unknown · Open-Kilda

Published: 2025-08-11 · Updated: 2025-08-11 · CVE-2025-54992

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenKilda versions prior to 1.164.0
Description: OpenKilda, an open-source OpenFlow controller, contains an XML external entity (XXE) injection vulnerability. This vulnerability, in combination with GHSL-2025-024, allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running, potentially leading to information disclosure.
Recommendations: Update to version 1.164.0 or later.

Exploit

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2025-54992
GHSA-43RG-6R66-6HR7

Affected Products

Open-Kilda