OpenKilda XML External Entity Injection Vulnerability Allowing Information Exfiltration
Vulnerability
A vulnerability allowing XML external entity (XXE) injection has been identified in OpenKilda versions prior to 1.164.0. This vulnerability, in conjunction with GHSL-2025-024, enables unauthenticated attackers to exfiltrate information from the instance running the OpenKilda UI.
Impact
Exploitation of this vulnerability could lead to unauthorized information disclosure from the OpenKilda instance.
Remediation
Users can upgrade to OpenKilda version 1.164.0 or later to address this vulnerability.
Added: Aug 11, 2025, 10:24 PM
Updated: Aug 11, 2025, 10:24 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.1
remediation: 7.7
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
