CVE-2025-66371

CVSS v3.1

5.0

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Peppol-py versions prior to 1.1.1

Description The software is susceptible to XML External Entity (XXE) attacks due to the Saxon configuration. During the validation of XML-based invoices, the XML parser is capable of reading files from the filesystem and exposing their content to a remote host.

Recommendations Update to version 1.1.1 or later.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2025-66371

Affected Products

Peppol-Py

CVE-2025-66371

Weakness Enumeration

Related Identifiers

Affected Products

References · 6