CNNVD-202508-2633 Information

CNNVD ID

CNNVD-202508-2633

Related CVE

CVE-2025-47184

• CNNVD Published: 2025-08-21

Description (Chinese)

Exagrid EX10是美国Exagrid公司的一款备份存储服务器。 Exagrid EX10 7.0.1p02版本存在安全漏洞，该漏洞源于/init API端点存在XML外部实体注入，可能导致信息泄露和权限提升。

Description (English)

Exagrid EX10 is a back-up storage server for Exagrid, United States. There is a security loophole in Exagrid EX10 7.1 p02, which originates from the presence of an XML external entity at the /init API endpoint, which may result in information leaks and enhanced authority.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ExaGrid

Published

2025-08-21

Last Modified

2026-02-24

References

https://www.exagrid.com/exagrid-products/exagrid-product-line/ https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0004.md https://nvd.nist.gov/vuln/detail/CVE-2025-47184 https://access.redhat.com/security/cve/cve-2025-47184

Patch

https://www.exagrid.com/