XXE in Telstra Open-kilda
CVE-2025-54992
OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate i…
Vulnerability class: XXE (XML External Entity)
EPSS: 0.004 (29.7th percentile) — read the EPSS interpretation.
Affected products
- Telstra Open-kilda — versions < 1.164.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)