CVE-2025-14543
CRITICAL WAF: High
CVSS 9.1
Published: 2026-04-30
CWE-611
Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| rti | connext_professional | 4.3.0 - 5.2.3 |
| rti | connext_professional | 5.3.0 - 5.3.1.45 |
| rti | connext_professional | 6.0.0 - 6.0.1.40 |
| rti | connext_professional | 6.1.0 - 6.1.2.27 |
| rti | connext_professional | 7.0.0 - 7.3.1.1 |
| rti | connext_professional | 7.4.0 - 7.7.0 |
References
- www.rti.com (Vendor Advisory)