CVE-2025-0617

Name of the Vulnerable Software and Affected Versions HX versions 10.0.0 and earlier

Description An attacker with access to the vulnerable software may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process, thus causing a Denial of Service.

Recommendations For HX versions 10.0.0 and earlier, consider restricting access to the HX console to minimize the risk of exploitation. As a temporary workaround, avoid using the console for parsing files that may contain exponential entity expansions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.