BAE SOCET GXP XML External Entity Vulnerability Allowing Outbound Requests and Information Disclosure

Vulnerability

A vulnerability in BAE SOCET GXP versions prior to 4.6.0.3 allows XML External Entities (XXE) to be processed in certain XML-based files. This issue can be exploited if an attacker social engineers a SOCET GXP user into opening a malicious file, such as a saved workspace. The vulnerability could trigger various outbound requests, potentially compromising sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized outbound requests being made from the SOCET GXP application, potentially allowing for the interception or leakage of sensitive information.

Remediation

Users are advised to update to SOCET GXP version 4.6.0.3. If an immediate update is not possible, users should only open files from trusted sources.
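One way to check a file before opening it when the update cannot be applied yet, as an added example that is not from BAE or from this advisory: the script reads only the XML prolog and reports DTD and external-entity declarations without resolving them. The function name, the sample documents, and their element names are constructed for illustration; the advisory does not describe the SOCET GXP file layout.

```python
import xml.parsers.expat as expat

# Constructed samples; element names are illustrative, not the SOCET GXP schema.
SAMPLE_FLAGGED = b"""<?xml version="1.0"?>
<!DOCTYPE workspace [
  <!ENTITY ext SYSTEM "http://example.invalid/probe">
]>
<workspace>&ext;</workspace>"""
SAMPLE_CLEAN = b'<?xml version="1.0"?><workspace><layer name="a"/></workspace>'

class _Stop(Exception):
    """Raised to abort parsing once the prolog has been read."""

def audit_xml_prolog(data: bytes) -> list:
    """List DTD and external-entity declarations without resolving any of them."""
    findings = []
    parser = expat.ParserCreate()
    # Never fetch external parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            findings.append(f"external DTD subset: {system_id or public_id}")
        elif has_internal_subset:
            findings.append("internal DTD subset present")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:  # external entity: value lives at a URI
            kind = "parameter" if is_param else "general"
            findings.append(f"external {kind} entity {name!r} -> {system_id}")

    def on_root(name, attrs):
        raise _Stop  # declarations are over; document content is never expanded

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(data, True)
    except _Stop:
        pass
    except expat.ExpatError as exc:
        findings.append(f"not well-formed, treat as untrusted: {exc}")
    return findings

if __name__ == "__main__":
    for label, blob in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(label, audit_xml_prolog(blob))
```

An empty result means only that the prolog declares no DTD or external entities; it does not replace updating to 4.6.0.3.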

Added: Oct 27, 2025, 5:21 PM
Updated: Oct 27, 2025, 5:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.8
exploitability: 6.4
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.