Ghidra
CVE-2019-13625
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.
AnalysisAI
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as XML External Entity (XXE) (CWE-611), which allows attackers to read arbitrary files or perform SSRF through XML processing. NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file. Affected products include: Nsa Ghidra. Version information: before 9.0.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Disable external entity processing in XML parsers, use JSON instead of XML where possible.
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading
NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files featu
NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. Ra
In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive)
Command injection in NSA Ghidra (versions before 12.0.3) executes arbitrary commands when analysts click on maliciously
SQL injection in Ghidra's BSim binary-similarity component (versions before 12.1) allows authenticated remote attackers
Authentication bypass in NSA Ghidra versions prior to 12.1 allows any holder of a valid CA-signed certificate to imperso
SQL injection in Ghidra's PostgreSQL collaboration backend (versions 11.0 through pre-12.1) allows authenticated users t
Remote code execution in NSA Ghidra before version 12.1 allows attackers to execute arbitrary commands when a user opens
Command injection in Ghidra versions before 12.1 on Windows allows attackers to execute arbitrary OS commands under the
Arbitrary file write in NSA's Ghidra reverse-engineering framework before version 12.0.4 allows attackers to escape the
Arbitrary file write in NSA Ghidra versions prior to 12.0.2 allows local attackers to achieve code execution by tricking
Share
External POC / Exploit Code
Leaving vuln.today