CNNVD-202509-4415 Information

CNNVD ID

CNNVD-202509-4415

Related CVE

CVE-2025-48006

• CNNVD Published: 2025-09-29

Description (Chinese)

Ashisuto DataSpider Servista是日本Ashisuto公司的一个企业数据集成平台。 Ashisuto DataSpider Servista 4.4及之前版本存在代码问题漏洞，该漏洞源于XML外部实体引用限制不当，可能导致读取服务器文件系统上的任意文件或拒绝服务。

Description (English)

Ashisuto DataSpider Servista is a platform for the integration of enterprise data sets from Ashsuto, Japan. Ashisuto DataSpider Servista 4.4 and earlier versions had a code problem loophole, which stemmed from inappropriate citation restrictions by an external XML entity and could lead to arbitrary documents or denials of service on the server file system.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

Ashisuto

Published

2025-09-29

Last Modified

2026-02-24

References

https://jvn.jp/en/jp/JVN23423519/ https://www.hulft.com/application/files/1217/5885/0217/information_20250926.pdf

Patch

https://www.hulft.com/application/files/1217/5885/0217/information_20250926.pdf