CVE-2025-66370 | Kivitendo up to 3.9.1 ZUGFeRD xml external entity reference

Inserito da Angelo Barbosa | Nov 28, 2025 | CVE

A vulnerability was found in Kivitendo up to 3.9.1. It has been declared as problematic. This impacts an unknown function of the component ZUGFeRD Handler. The manipulation results in xml external entity reference.

This vulnerability was named CVE-2025-66370. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2025-66370 | Kivitendo up to 3.9.1 ZUGFeRD xml external entity reference

Post correlati

CVE-2023-28896 | Škoda Superb III Unified Diagnostics Services weak encoding for password

CVE-2025-5265 | Mozilla Firefox up to 138 on Windows Copy as cURL Remote Code Execution

CVE-2025-13276 | g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455 /index.php Username sql injection

CVE-2025-26363 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua missing authentication