CVE-2025-48006 HIGH

CVE-2025-48006

Vendor Saison Technology Co.,Ltd.
Product DataSpider Servista
Weakness CWE-611 · XXE
Published September 29, 2025
Last update September 29, 2025

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

What the vulnerability does

01Description

Improper restriction of XML external entity reference issue exists in DataSpider Servista 4.4 and earlier. If a specially crafted request is processed, arbitrary files on the file system where the server application for the product is installed may be read, or a denial-of-service (DoS) condition may occur.

Key dates

02Disclosure timeline

September 29, 2025 CVE published
September 29, 2025 Record updated