CVE-2025-49493
Published 2025-06-30
CVE-2025-49493: Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.
Priority P181 · medium · 5.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:C / C:L / I:N / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 3.40% (87.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| akamai | cloudtest | < 12988 | 12988 |
Detection & IOCs (extracted from sources)
sigma
```yaml
matchers:
  - type: dsl
    dsl:
      - 'contains(interactsh_protocol, "dns")'
      - 'contains(content_type, "text/xml")'
      - 'contains(body, "XML stream")'
    condition: and
```
- Successful exploitation is confirmed by three concurrent conditions: an OOB DNS callback (interactsh_protocol == dns), a response Content-Type of text/xml, and the string 'XML stream' present in the response body. Monitor for all three together.
- Vulnerable versions are Akamai CloudTest before build 60 2025.06.02 (12988). Any instance running an older build accepting XML input should be treated as exploitable.
- The digest hash at the end of the template is a Nuclei template integrity/signing digest, not a malware hash. It should not be used as a file-based IOC.
CVSS provenance
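| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| vulncheck | | 5.8 | MEDIUM | |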
GHSA
GHSA-g536-463c-q7r3: Akamai CloudTest before 60 2025
ghsa_unreviewed·2025-06-30
CVE-2025-49493 [MEDIUM] CWE-611 GHSA-g536-463c-q7r3: Akamai CloudTest before 60 2025
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.
VulnCheck
akamai cloudtest Improper Restriction of XML External Entity Reference
vulncheck·2025·CVSS 5.8
CVE-2025-49493 [MEDIUM] akamai cloudtest Improper Restriction of XML External Entity Reference
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.
Affected: akamai cloudtest
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-07-31&host_type=src&vulnerability=cve-2025-49493
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-08-02&host_type=src&vulnerability=cve-2025-49493
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-08-06&host_type=src&vulnerability=cve-2025-49493
- https://d
No detection rules found.
Nuclei
Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)
nuclei·CVSS 5.8
CVE-2025-49493 [MEDIUM] Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)
Akamai CloudTest
]>
&xxe;
```yaml
matchers:
  - type: dsl
    dsl:
      - 'contains(interactsh_protocol, "dns")'
      - 'contains(content_type, "text/xml")'
      - 'contains(body, "XML stream")'
    condition: and
# digest: 490a0046304402207c94203c73c2582fcea32f0df1b6d912eb68e24b6437e2f17aa6833e6a0ef0fc022050442b6548ad448388719ac5e36d181731230b4b38778031f1ed6978e0ce30fd:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
2025-06-30: Published
Exploited in the wild