XXE in Telstra Open-kilda

CVE-2025-54992

OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate i…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.004 (29.7th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References