{"data":{"id":"6e7e249b-9e15-423b-a042-001dbd1fb224","title":"CVE-2025-53621: DSpace open source software is a repository application which provides durable access to digital resources. Two related ","summary":"DSpace, an open-source application for storing and accessing digital files, has a vulnerability in versions before 7.6.4, 8.2, and 9.1 where it doesn't properly disable XML External Entity (XXE) injection, a technique where attackers embed malicious code in XML files to read sensitive files or steal data from the server. The vulnerability affects both the command-line import tool and the web interface's batch import feature, but only administrators can trigger it by importing archive files.","solution":"The source explicitly states: 'The fix is included in DSpace 7.6.4, 8.2, and 9.1. Please upgrade to one of these versions.' For organizations unable to upgrade immediately, the source mentions: 'it is possible to manually patch the DSpace backend' and recommends administrators 'carefully inspect any SAF archives (they did not construct themselves) before importing' and 'affected external services can be disabled to mitigate the ability for payloads to be delivered via external service APIs.'","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-53621","publishedAt":"2025-07-15T19:15:25.517Z","cveId":"CVE-2025-53621","cweIds":["CWE-611"],"cvssScore":"6.9","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["ArXiv","Crossref","OpenAIRE","Creative Commons"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00052,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}