{"id":"CVE-2020-25912","details":"A XML External Entity (XXE) vulnerability was discovered in symphony\\lib\\toolkit\\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).","modified":"2026-04-10T04:25:19.051370Z","published":"2021-10-31T19:15:09.857Z","references":[{"type":"WEB","url":"http://symphony.com"},{"type":"REPORT","url":"https://github.com/symphonycms/symphonycms/issues/2924"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/symphonycms/symphonycms","events":[{"introduced":"0"},{"last_affected":"68f44f0c36ad3345068676bfb8a61c2e6a2e51f4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.7.10"}]}}],"versions":["2.0","2.0.1","2.0.2","2.0.4","2.0.7","2.0.7RC1","2.0.7RC2","2.0.7beta","2.1.2","2.2","2.2.2","2.2.3","2.2.4","2.2.5","2.3","2.3.1","2.3.1RC1","2.3.1RC2","2.3.1RC3","2.3.1beta1","2.3.1beta2","2.3.2","2.3.2RC1","2.3.2RC2","2.3.2beta1","2.3.2beta2","2.3.3","2.3.3RC1","2.3.3RC2","2.3.3RC3","2.3.3beta1","2.3.3beta2","2.3.3beta3","2.3.4","2.3.4RC1","2.3.4beta1","2.3.4beta2","2.3.5","2.3.5RC1","2.3.5beta1","2.3.6","2.3RC2","2.3RC3","2.3RC4","2.3beta1","2.3beta2","2.3beta3","2.4","2.4RC1","2.4RC2","2.4beta1","2.4beta3","2.5.0","2.5.1","2.5.2","2.5.2-beta.1","2.5.2-rc.1","2.6.0","2.6.0-beta.1","2.6.0-beta.2","2.6.0-rc.1","2.6.1","2.6.10","2.6.11","2.6.2","2.6.3","2.6.4","2.6.5","2.6.6","2.6.7","2.6.8","2.6.9","2.7.0","2.7.0.RC1","2.7.1","2.7.10","2.7.2","2.7.3","2.7.4","2.7.5","2.7.6","2.7.7","2.7.8","2.7.9","rev5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25912.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}