Intersec Geosafe XML External Entity Injection Vulnerability Allowing Arbitrary File Read, SSRF, and Denial-of-Service

Vulnerability

An XML External Entity (XXE) injection vulnerability has been identified in Intersec Geosafe versions 2022.12, 2022.13, and 2022.14. It enables attackers to read arbitrary files with the privileges of the running process, make Server-Side Request Forgery (SSRF) requests, or cause a Denial of Service (DoS) through unspecified vectors.

Impact

Exploitation of this vulnerability could lead to unauthorized file access, SSRF attacks, or a Denial of Service condition.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.6
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.