XXE in Peergos
CVE-2025-4639
CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0.
Vulnerability class: XXE (XML External Entity)
EPSS: 0.004 (27.0th percentile) — read the EPSS interpretation.
Affected products
- Peergos — versions 1.1.0