CVE-2025-14543
Published 2026-04-30
CVE-2025-14543: Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking. This issue…
Priority P3 · 52 · critical · 9.1 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:H
EPSS: 0.21% (10.6th percentile)
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rti | connext_professional | 4.3.0 – 5.2.3 | — |
| rti | connext_professional | >= 4.3x < 5.2.* | 5.2.* |
| rti | connext_professional | >= 5.3.0 < 5.3.* | 5.3.* |
| rti | connext_professional | 5.3.0 – 5.3.1.45 | — |
| rti | connext_professional | >= 6.0.0 < 6.0.* | 6.0.* |
| rti | connext_professional | 6.0.0 – 6.0.1.40 | — |
| rti | connext_professional | >= 6.1.0 < 6.1.* | 6.1.* |
| rti | connext_professional | 6.1.0 – 6.1.2.27 | — |
| rti | connext_professional | >= 7.0.0 < 7.3.1.1 | 7.3.1.1 |
| rti | connext_professional | >= 7.4.0 < 7.7.0 | 7.7.0 |
CVSS provenance
nvd · v3.1 · 9.1 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd · v4.0 · 8.8 · HIGH · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
GHSA
GHSA-3grg-c26q-4w39: Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking
ghsa_unreviewed·2026-04-30
CVE-2025-14543 [HIGH] CWE-611 GHSA-3grg-c26q-4w39: Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking
VulDB
RTI Connext Professional prior 7.7.0 xml external entity reference
vuldb·2026-04-30·CVSS 8.8
CVE-2025-14543 [HIGH] RTI Connext Professional prior 7.7.0 xml external entity reference
A vulnerability categorized as problematic has been discovered in RTI Connext Professional. Affected is an unknown function. Such manipulation leads to xml external entity reference.
This vulnerability is documented as CVE-2025-14543. The attack needs to be performed locally. There is not any exploit available.
It is advisable to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-30