XXE in Peergos

CVE-2025-4639

CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0.

Vulnerability class: XXE (XML External Entity)

EPSS: 0.004 (27.0th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References