CVE-2025-52162 in Core Open

Summary

by MITRE • 07/18/2025

agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 were discovered to contain an XML External Entity (XXE) vulnerability via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data by providing crafted XML input.


Analysis

by VulDB Data Team • 07/18/2025

The vulnerability identified as CVE-2025-52162 affects agorum Software GmbH Agorum core open versions 11.9.2 and 11.10.1 and is an XML External Entity (XXE) flaw in the RSSReader endpoint. It stems from parsing attacker-influenced XML with a parser that still honours DTD declarations and resolves external entity references, so the application's own XML parser can be turned into a tool for reading data the attacker chooses. The flaw specifically concerns the handling of external entity references declared in the input document, which lets an attacker dictate what the RSS feed reader pulls in while it processes the structured input it is given.

Exploitation goes through the RSSReader endpoint, which processes XML from an external source without disabling external entity resolution. When the application parses crafted XML that declares an external entity with a SYSTEM identifier, the parser can be coerced into reading files from the local file system or issuing requests to internal network resources, and the fetched content is reflected into the parsed feed or carried out through an out-of-band channel. The weakness is CWE-611 (Improper Restriction of XML External Entity Reference). VulDB additionally tags it with ATT&CK techniques T1592.001 (Gather Victim Host Information: Hardware) and T1071.004 (Application Layer Protocol: DNS); neither describes XXE directly, and the more accurate characterisation of its impact is local file disclosure combined with server-side request forgery against internal resources that are normally unreachable from outside.

The operational impact depends on what the account running Agorum core open can read and reach, which matters for organisations relying on the platform for content management and collaboration. An attacker exploiting the XXE could read system configuration files (which often hold database or service credentials), confidential business data, or any other file accessible to the process, and could use the parser as a pivot to probe internal network services. Both listed versions are affected, so any deployment that has not moved to a fixed release remains exposed. Installations that let the RSSReader process feeds from untrusted sources face the highest risk, because the feed content itself is the attack vector. The EPSS score of 0.00222 and the absence of a KEV entry indicate little observed exploitation so far, not that the flaw is hard to exploit: XXE against an unhardened parser typically needs only a single crafted document.

Mitigation for CVE-2025-52162 starts with upgrading to a vendor release that no longer exhibits the flaw; this entry does not name a fixed version, so confirm it against the vendor's release notes. The decisive control is parser configuration rather than input filtering: XXE payloads are well-formed XML, so validation and sanitisation of feed content cannot be relied on to stop them, whereas an XML parser with DTD processing disabled (or, at minimum, external general and parameter entity resolution disabled) removes the root cause. If the parser is a Java/Xerces one, this means enabling the http://apache.org/xml/features/disallow-doctype-decl feature, or disabling the external-general-entities and external-parameter-entities features, on every DocumentBuilderFactory and SAXParserFactory the application creates, not only the one behind RSSReader. Network segmentation and egress controls on the application host limit what a successful exploit can reach, regular assessment should verify that no other XML processing endpoint in the deployment accepts DTDs, and a web application firewall with XXE signatures adds a further, though bypassable, layer.
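The following is an added example, not code from this entry or from agorum, that reproduces the exploitation path and the two hardening layers described above with Python's standard-library xml.sax parser. The expat-based parser resolved external entities by default before Python 3.7.1; here that feature is switched on explicitly to reproduce the vulnerable state, then switched off, and finally the DOCTYPE is rejected outright. The feed, the target file and its contents are constructed for the demo; nothing about agorum's RSSReader is assumed beyond what the advisory states, namely that it parses attacker-supplied XML.

```python
import io
import tempfile
from pathlib import Path
import xml.sax
from xml.sax import handler

# Constructed RSS 2.0 feed carrying the XXE payload. The internal DTD subset
# declares an external general entity whose SYSTEM identifier names a file on
# the host running the reader; <description> references it, so a parser that
# resolves external entities splices the file contents into the feed text.
FEED_TEMPLATE = """<?xml version="1.0"?>
<!DOCTYPE rss [
  <!ENTITY xxe SYSTEM "{target}">
]>
<rss version="2.0">
  <channel>
    <title>crafted feed</title>
    <item>
      <title>hello</title>
      <description>&xxe;</description>
    </item>
  </channel>
</rss>
"""


class DescriptionCollector(handler.ContentHandler):
    """Collects the text of each <description>, as a feed reader would."""

    def __init__(self):
        super().__init__()
        self.descriptions = []
        self._buf = None

    def startElement(self, name, attrs):
        if name == "description":
            self._buf = []

    def characters(self, content):
        if self._buf is not None:
            self._buf.append(content)

    def endElement(self, name):
        if name == "description":
            self.descriptions.append("".join(self._buf))
            self._buf = None


class RejectDoctype:
    """Lexical handler that aborts the parse as soon as a DOCTYPE appears.

    Feeds never need a DTD, so refusing one up front switches off the whole
    entity machinery (the xml.sax analogue of Xerces' disallow-doctype-decl).
    """

    def startDTD(self, name, public_id, system_id):
        raise ValueError("DOCTYPE not allowed in feed input: %r" % name)

    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


def parse_feed(feed_xml, *, resolve_external_entities, reject_doctype):
    """Parse a feed and return its <description> texts.

    resolve_external_entities=True is the vulnerable configuration (and was the
    xml.sax default before Python 3.7.1); reject_doctype=True adds the stricter
    layer that fails closed on any DTD.
    """
    collector = DescriptionCollector()
    parser = xml.sax.make_parser()
    parser.setContentHandler(collector)
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    if reject_doctype:
        parser.setProperty(handler.property_lexical_handler, RejectDoctype())
    parser.parse(io.BytesIO(feed_xml.encode("utf-8")))
    return collector.descriptions


def demo():
    """Run the crafted feed through the vulnerable and both hardened setups."""
    with tempfile.TemporaryDirectory() as tmp:
        # Stand-in for a config file holding credentials; constructed for the demo.
        secret = Path(tmp) / "app.properties"
        secret.write_text("db.password=hunter2\n")
        feed = FEED_TEMPLATE.format(target=secret.as_uri())

        leaked = parse_feed(feed, resolve_external_entities=True, reject_doctype=False)
        dropped = parse_feed(feed, resolve_external_entities=False, reject_doctype=False)
        try:
            parse_feed(feed, resolve_external_entities=False, reject_doctype=True)
            blocked = False
        except ValueError:
            blocked = True
    return {"leaked": leaked, "dropped": dropped, "blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three outcomes side by side: with external entities resolved, the description text contains the contents of the target file; with resolution disabled, the entity silently expands to nothing and the description is empty, which is safe but gives the operator no signal that an attack was attempted; with the DOCTYPE rejected, the parse fails closed before any entity is declared, which is the behaviour to aim for on an endpoint whose legitimate input never carries a DTD.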

Responsible

MITRE

Reservation

06/16/2025

Disclosure

07/18/2025

Moderation

accepted

CPE

ready

EPSS

0.00222

KEV

no

Activities

very low
