CVE-2025-54992 – OpenKilda OpenFlow XXE Injection

August 11, 2025

CVE ID : CVE-2025-54992

Published : Aug. 11, 2025, 10:15 p.m. | 1 hour, 53 minutes ago

Description : OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-55151 – Stirling-PDF SSRF Vulnerability

Next Article CVE-2025-55012 – Zed Agent Panel Remote Code Execution Permissions Bypass

Highlights

CVE-2024-48916 – Ceph JWT Algorithm Validation Bypass Vulnerability

July 30, 2025

CVE ID : CVE-2024-48916

Published : July 30, 2025, 8:15 p.m. | 3 hours, 29 minutes ago

Description : Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has “none” as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-54992 – OpenKilda OpenFlow XXE Injection

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

CVE-2025-5734 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

Memoized Cache Driver in Laravel 12.9

Distribution Release: Security Onion 2.4.160

Designing AI features people actually want

CVE-2024-48916 – Ceph JWT Algorithm Validation Bypass Vulnerability

CVE-2024-51666 – Automattic Tours Missing Authorization Vulnerability

CVE-2025-3714 – “LCD KVM over IP Switch CL5708IM Stack-based Buffer Overflow Vulnerability”

CVE-2025-8763 – Ruijie EG306MG StrongSwan Aggressive Mode PSK Encryption Bypass Vulnerability

CVE-2025-54992 – OpenKilda OpenFlow XXE Injection

Related Posts