CVE-2024-25066: XXE
Published Feb 17, 2025
RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur.
Affected Software
1 affected component
RSA Authentication Manager < 8.7 SP2 Patch 1
Event History
Feb 17, 2025
CVE Published via MITRE · 12:00 AM
Data Sourced via MITRE · 12:00 AM (Description, Severity, Weakness)
Data Sourced via NVD · 09:15 PM (Description, Severity, Weakness)
Frequently Asked Questions
1. What is the severity of CVE-2024-25066?
CVE-2024-25066 has a medium severity rating due to the potential for XML External Entity (XXE) attacks.
2. How do I fix CVE-2024-25066?
To remediate CVE-2024-25066, upgrade to RSA Authentication Manager version 8.7 SP2 Patch 1 or later.
3. What are the consequences of CVE-2024-25066?
The consequence of CVE-2024-25066 is that attacker-controlled files may be stored on the server, impacting data integrity.
4. Is data exfiltration possible with CVE-2024-25066?
No, data exfiltration cannot occur as a result of CVE-2024-25066.
5. Which versions of RSA Authentication Manager are affected by CVE-2024-25066?
RSA Authentication Manager versions prior to 8.7 SP2 Patch 1 are affected by CVE-2024-25066.