QwikSec

Security Database

CVE

CWE

Training

CVE-2025-54992

Published: Aug 11, 2025

Modified: Aug 12, 2025

PUBLISHED

Description

OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.

Vendor	Product	Versions
telstra	open-kilda	affected `< 1.164.0`

Weaknesses (CWE)

References

https://github.com/telstra/open-kilda/security/advisories/GHSA-43rg-6r66-6hr7

x_refsource_CONFIRM

https://github.com/telstra/open-kilda/pull/5778

x_refsource_MISC

https://github.com/telstra/open-kilda/commit/1eddb4983a6287d083e3e99a56dc4c291abd347e

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.