Skip to main content

Keyoti SearchUnit EUVDEUVD-2025-17677

| CVE-2025-44044 HIGH
Improper Restriction of XML External Entity Reference (CWE-611)
2025-06-10 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17677
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 16:15 nvd
HIGH 7.5

DescriptionCVE.org

Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML External Entity (XXE). An attacker who can force a vulnerable SearchUnit host into parsing maliciously crafted XML and/or DTD files can exfiltrate some files from the underlying operating system.

AnalysisAI

Keyoti SearchUnit versions prior to 9.0.0 contain an XML External Entity (XXE) injection vulnerability that allows unauthenticated remote attackers to exfiltrate sensitive files from affected systems. The vulnerability has a CVSS 3.1 score of 7.5 (High) with a network attack vector, no privileges required, and no user interaction needed. While no public POC or active in-the-wild exploitation has been widely documented, the straightforward attack vector and high confidentiality impact make this a significant risk for organizations running vulnerable SearchUnit instances.

Technical ContextAI

The vulnerability exists in Keyoti SearchUnit's XML parsing functionality, which fails to properly disable or restrict XML External Entity (XXE) processing as defined in CWE-611. When SearchUnit processes user-supplied or attacker-controlled XML or DTD files, an attacker can inject malicious entity definitions that force the parser to resolve external resources (file://, http://, etc.). This allows reading arbitrary files accessible to the SearchUnit process user context. The affected product is Keyoti SearchUnit (CPE likely: cpe:2.3:a:keyoti:searchunit:*:*:*:*:*:*:*:*), with versions below 9.0.0 being vulnerable. The root cause is improper configuration of the underlying XML parser library to disable DOCTYPE declarations and external entity resolution.

RemediationAI

Immediate remediation: Upgrade Keyoti SearchUnit to version 9.0.0 or later. This is the only confirmed patch version. Organizations unable to patch immediately should implement compensating controls: (1) Restrict network access to SearchUnit instances using firewall rules or WAF policies to block external/untrusted network access, (2) Implement input validation and filtering to reject XML/DTD payloads containing DOCTYPE declarations or SYSTEM/PUBLIC entities, (3) Configure SearchUnit to run under a minimal-privilege service account with restricted file system access, (4) Monitor SearchUnit logs for suspicious XML parsing errors or unusual file access patterns. For detailed patch instructions and vendor advisories, contact Keyoti support or check the official Keyoti SearchUnit release notes for version 9.0.0.

Share

EUVD-2025-17677 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy