Home

Description

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.

PUBLISHED Reserved 2025-12-11 | Published 2026-04-30 | Updated 2026-04-30 | Assigner RTI




HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Security Extensions Enabled

Problem types

CWE-611 Improper Restriction of XML External Entity Reference

Product status

Default status
unaffected

7.4.0 (custom) before 7.7.0
affected

7.0.0 (custom) before 7.3.1.1
affected

6.1.0 (custom) before 6.1.*
affected

6.0.0 (custom) before 6.0.*
affected

5.3.0 (custom) before 5.3.*
affected

4.3x (custom) before 5.2.*
affected

References

www.rti.com/vulnerabilities/

cve.org (CVE-2025-14543)

nvd.nist.gov (CVE-2025-14543)

Download JSON