CNNVD-202508-970 Information
Aug 11, 2025
cve
CNNVD ID
CNNVD-202508-970
Related CVE
- CNNVD Published: 2025-08-11
Description (Chinese)
open-kilda是Telstra开源的一个OpenFlow控制器。 open-kilda 1.164.0之前版本存在代码问题漏洞,该漏洞源于XML外部实体注入,可能导致信息泄露。
Description (English)
Open-kilda is an OpenFlow controller at Telstra Open Source. An open-kilda 1.164.0 pre-version has a code problem loophole, which originates from the injection of an outside XML entity and could lead to the disclosure of information.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Telstra
Published
2025-08-11
Last Modified
2026-02-24
References
https://github.com/telstra/open-kilda/pull/5778 https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7 https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e https://access.redhat.com/security/cve/cve-2025-54992
Patch
https://github.com/telstra/open-kilda/releases
Share on: