PT-2025-48314 · Mustang · Mustang
Published
2025-11-28
·
Updated
2025-12-26
·
CVE-2025-66372
CVSS v3.1
2.8
Low
| Vector | AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mustang versions prior to 2.16.3
Description
Mustang before version 2.16.3 is susceptible to XML External Entity (XXE) attacks, which can lead to the exfiltration of files. XXE attacks occur when an application parses XML input that contains a reference to an external entity. This can allow an attacker to access files on the system, internal shares, or other resources that the application has access to.
Recommendations
Update Mustang to version 2.16.3 or later.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mustang