CVE-2025-54992

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
N/A
Affected
1
PROJECT

Description

OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.

telstra/open-kilda
telstra/open-kilda
OpenKilda is an open-source OpenFlow controller initially designed for use in a global network with high control-plane latency and a heavy emphasis on latency-centric data path optimisation.
GitHubGitHub
83