CVE-2025-52888 – “Allure Report XXE Injection Vulnerability”

June 24, 2025

CVE ID : CVE-2025-52888

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser (`DocumentBuilderFactory`) and allows external entity expansion when processing test result .xml files. This allows attackers to read arbitrary files from the file system and potentially trigger server-side request forgery (SSRF). Version 2.34.1 contains a patch for the issue.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53021 – “Moodle Session Fixation Vulnerability”

Next Article CVE-2025-52882 – Claude Code WebSocket Remote Code Execution (RCE)

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Qodo launches CLI agent framework

Overture Maps launches GERS, a system of unique IDs for global geospatial entities

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Will you sync your Windows 10 PC data to the cloud for free access to security updates beyond 2025?

Red Hat Enterprise Linux (RHEL) quietly released an official image for WSL — but most of us won’t be able to use it

Sam Altman says ChatGPT has evolved beyond a mere “Google replacement” — with ads potentially coming to users

What Are the PHP Trends in 2025

What Are the PHP Trends in 2025

Real-Time Observability for Node.js – Without Code Changes

Elevating API Automation: Exploring Karate as an Alternative to Rest-Assured

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Will you sync your Windows 10 PC data to the cloud for free access to security updates beyond 2025?

Red Hat Enterprise Linux (RHEL) quietly released an official image for WSL — but most of us won’t be able to use it

CVE-2025-52888 – “Allure Report XXE Injection Vulnerability”

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

CVE-2025-3863 – Elementor WordPress Post Carousel Slider Improper Authorization Vulnerability

Gemma Scope: helping the safety community shed light on the inner workings of language models

Using StatsD for monitoring Oracle databases running on Amazon RDS or Amazon EC2

Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas

The rumored Persona 4 Remake has now been officially announced for Xbox, Xbox Game Pass, and PC Game Pass as ‘Persona 4 Revival’

CVE-2025-47725 – Delta Electronics CNCSoft Remote Code Execution Vulnerability

Scaling up learning across many different robot types

CVE-2025-6177 – Google ChromeOS MiniOS Debug Shell Privilege Escalation

mortexa/laravel-arkitect

CVE-2025-52888 – “Allure Report XXE Injection Vulnerability”

Related Posts