CVE-2024-31573 MEDIUM

CVE-2024-31573

Vendor Xmlunit
Product XMLUnit for Java
Weakness CWE-669
Published October 17, 2025
Last update October 17, 2025

CVSS base score

4.0/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.

Key dates

02Disclosure timeline

October 17, 2025 CVE published
October 17, 2025 Record updated