Spatial Information System

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-68280 MEDIUM PATCH This Month

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the following SIS services: * Reading of GeoTIFF files having the GEO_METADATA tag defined by the Defense Geospatial Information Working Group (DGIWG). * Parsing of ISO 19115 metadata in XML for...

Apache Java XXE Spatial Information System

NVD

CVSS 3.1

6.5

EPSS

0.1%

CVE-2025-68280

EPSS 0% CVSS 6.5

MEDIUM PATCH This Month

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the following SIS services: * Reading of GeoTIFF files having the GEO_METADATA tag defined by the Defense Geospatial Information Working Group (DGIWG). * Parsing of ISO 19115 metadata in XML for...

Apache Java XXE +1

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy