Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Remote unauthenticated XML submission with low complexity yields file/internal-data disclosure (C:H); no integrity or availability impact, scope kept unchanged absent confirmed SSRF pivot.
Primary rating from Vendor (TR-CERT).
CVSS VectorVendor: TR-CERT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking.
This issue affects NetGIS: from 5.0.66 before 7.2.2.
AnalysisAI
Sensitive file and internal resource disclosure in Netcad Software NetGIS (versions 5.0.66 up to but not including 7.2.2) arises from an XML External Entity (XXE) flaw where the application resolves external entity references in serialized/XML data submitted by clients. Remote attackers can craft malicious XML payloads to read local files, exfiltrate data, or reach internal network resources on the server. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires reaching a NetGIS endpoint that accepts XML or other serialized data and parses it with external-entity resolution enabled ('Serialized Data External Linking' per the advisory); the malicious payload must include an external entity/DOCTYPE reference. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.5 (High) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating remote, low-complexity, unauthenticated exploitation with high confidentiality impact but no integrity or availability impact - consistent with a data-disclosure XXE rather than remote code execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote, unauthenticated attacker submits a crafted XML/serialized document to a NetGIS endpoint that accepts XML, embedding a DOCTYPE with an external entity such as SYSTEM 'file:///etc/passwd' or a URL to an internal host. The vulnerable parser resolves the entity and returns or leaks the referenced file contents or internal service responses, giving the attacker sensitive local data and a foothold for internal reconnaissance. … |
| Remediation | Upgrade NetGIS to version 7.2.2 or later, which is the first release outside the affected range (Vendor-released patch: 7.2.2). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Conduct a complete inventory of all systems running NetGIS versions 5.0.66 through 7.2.1 and document network exposure points; implement firewall rules to restrict network access to NetGIS services from untrusted sources; establish an incident response readiness plan. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45165
GHSA-wrw3-44cj-hmrf