{"id":"CVE-2025-54992","summary":"OpenKilda XXE in SAML configuration","details":"OpenKilda is an open-source OpenFlow controller. Versions prior to 1.164.0 contain an XML external entity (XXE) injection vulnerability which, in combination with GHSL-2025-024, allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to information disclosure. This issue has been patched in version 1.164.0.","aliases":["GHSA-43rg-6r66-6hr7"],"modified":"2026-04-10T05:30:44.362466Z","published":"2025-08-11T21:34:48.750Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54992.json","cwe_ids":["CWE-611"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54992.json"},{"type":"ADVISORY","url":"https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54992"},{"type":"FIX","url":"https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e"},{"type":"FIX","url":"https://github.com/telstra/open-kilda/pull/5778"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/telstra/open-kilda","events":[{"introduced":"0"},{"fixed":"8f3fec5060d7252e02fe83a0c3a9f54d2334d607"}]}],"versions":["1.0.0","1.0.0-RC2","1.1.0-rc1","v.1.18.2","v.1.46.0","v.1.53.0","v1.1.0","v1.1.10.23","v1.1.10.25","v1.1.10.30","v1.1.10.4","v1.1.11.15","v1.1.11.27","v1.1.11.27.1","v1.1.12.4","v1.1.5.11","v1.1.5.18","v1.1.5.21","v1.1.5.21.1","v1.1.5.22","v1.1.5.30","v1.1.6.12","v1.1.6.12.1","v1.1.6.12.2","v1.1.6.19.1","v1.1.6.7","v1.1.7.10","v1.1.7.11","v1.1.7.23","v1.1.7.24","v1.1.7.24.1","v1.1.7.24.2","v1.1.7.24.3","v1.1.7.31","v1.1.7.31.1","v1.1.7.4","v1.1.7.4.1","v1.1.7.9","v1.1.8.15","v1.1.8.21","v1.1.8.28","v1.1.8.30","v1.1.8.31","v1.1.9.14","v1.1.9.24","v
1.1.9.25","v1.1.9.27","v1.1.9.4","v1.1.9.4.1","v1.1.9.6","v1.1.9.7","v1.10.0","v1.100.0","v1.101.0","v1.102.0","v1.103.0","v1.104.0","v1.105.0","v1.105.1","v1.105.2","v1.106.0","v1.107.0","v1.107.1","v1.107.2","v1.107.3","v1.107.4","v1.108.0","v1.109.0","v1.109.0.1","v1.109.1","v1.11.0","v1.11.1","v1.110.0","v1.111.0","v1.112.0","v1.113.0","v1.114.0","v1.115.0","v1.115.1","v1.115.2","v1.116.0","v1.117.0","v1.118.0","v1.118.1","v1.118.2","v1.118.3","v1.118.4","v1.119.0","v1.12.0","v1.12.1","v1.120.0","v1.120.1","v1.120.2","v1.121.0","v1.122.0","v1.123.0","v1.123.1","v1.124.0","v1.125.0","v1.125.1","v1.125.2","v1.126.0","v1.126.1","v1.126.2","v1.126.3","v1.127.0","v1.128.0","v1.129.0","v1.129.1","v1.13.0","v1.13.1","v1.130.0","v1.131.0","v1.132.0","v1.133.0","v1.134.0","v1.135.0","v1.136.0","v1.137.0","v1.138.0","v1.139.0","v1.14.0","v1.140.0","v1.141.0","v1.142.0","v1.143.0","v1.144.0","v1.145.0","v1.145.1","v1.145.2","v1.146.0","v1.146.1","v1.147.0","v1.147.1","v1.148.0","v1.149.0","v1.15.0","v1.150.0","v1.151.0","v1.152.0","v1.153.0","v1.155.0","v1.156.0","v1.157.0","v1.158.0","v1.159.0","v1.16.0","v1.16.1","v1.16.2","v1.160.0","v1.161.0","v1.162.0","v1.163.0","v1.17.0","v1.17.1","v1.18.0","v1.18.1","v1.18.2","v1.18.3","v1.2.12.11","v1.2.12.11.1","v1.2.12.13","v1.2.12.13.1","v1.2.12.18","v1.2.12.6","v1.2.12.6.1","v1.2.12.6.2","v1.2.13.16","v1.2.13.8","v1.21.1","v1.21.2","v1.22.0","v1.23.0","v1.24.0","v1.25.0","v1.26.0","v1.27.0","v1.28.0","v1.29.0","v1.29.1","v1.3.0","v1.30.0","v1.31.0","v1.32.0","v1.33.0","v1.34.0","v1.35.0","v1.35.1","v1.36.0","v1.36.1","v1.37.0","v1.38.0","v1.39.0","v1.39.1","v1.4.0","v1.4.1","v1.40.0","v1.41.0","v1.41.1","v1.41.2","v1.42.0","v1.42.1","v1.43.0","v1.43.1","v1.44.0","v1.44.1","v1.45.0","v1.45.1","v1.45.2","v1.47.0","v1.47.1","v1.47.2","v1.48.0","v1.48.1","v1.48.2","v1.49.0","v1.5.0","v1.5.1","v1.50.0","v1.51.0","v1.51.1","v1.51.2","v1.52.0","v1.54.0","v1.55.0","v1.55.1","v1.56.0","v1.56.1","v1.57.0","v1.58.0","v1.59.0","v1.6.0","v
1.60.0","v1.61.0","v1.63.0","v1.64.0","v1.64.1","v1.64.2","v1.65.0","v1.66.0","v1.66.1","v1.67.0","v1.68.0","v1.68.1","v1.7.0","v1.7.1","v1.70.0","v1.70.1","v1.70.2","v1.72.0","v1.72.1","v1.72.2","v1.73.0","v1.73.1","v1.74.0","v1.74.1","v1.75.0","v1.76.0","v1.77.0","v1.78.0","v1.79.0","v1.80.0","v1.81.0","v1.81.1","v1.81.2","v1.82.0","v1.83.0","v1.84.0","v1.85.0","v1.86.0","v1.87.0","v1.88.0","v1.89.0","v1.89.1","v1.9.0","v1.90.0","v1.91.0","v1.91.1","v1.92.0","v1.93.0","v1.94.0","v1.95.0","v1.96.0","v1.97.0","v1.98.0","v1.99.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54992.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}]}