
CVE-2025-47184: n/a

Severity: Medium
Tags: Vulnerability, CVE-2025-47184, cve, cve-2025-47184
Published: Thu Aug 21 2025 (08/21/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a crafted ISys XML message.

AI-Powered Analysis

Last updated: 09/11/2025, 19:10:40 UTC

Technical Analysis

CVE-2025-47184 is an XML External Entities (XXE) injection vulnerability affecting the /init API endpoint of Exagid EX10 devices running firmware versions prior to 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08. This vulnerability allows an authenticated but unprivileged attacker to send a specially crafted ISys XML message that exploits improper handling of XML external entities. The XXE flaw enables the attacker to disclose sensitive information from the device and escalate privileges beyond their assigned access level. The vulnerability is categorized under CWE-91, which relates to improper control of XML external entity references. The CVSS v3.1 base score is 5.3 (medium severity), with an attack vector of network (remote exploitation), low attack complexity, no privileges required, no user interaction needed, and impact limited to confidentiality (information disclosure). There is no indication of integrity or availability impact. No known exploits are currently reported in the wild, and no official patches or mitigation links have been published yet. The vulnerability requires authentication but no elevated privileges, making it a concern for environments where unprivileged authenticated access is possible. The flaw resides in the XML parsing logic of the /init API endpoint, which processes ISys XML messages without properly restricting external entity references, allowing attackers to read arbitrary files or internal data and potentially leverage this information to gain higher privileges on the device.

Potential Impact

For European organizations using Exagid EX10 devices, particularly in sectors relying on secure network storage or data management appliances, this vulnerability poses a risk of sensitive information leakage and unauthorized privilege escalation. The information disclosure could expose configuration files, credentials, or other sensitive data stored on the device, potentially facilitating further attacks or lateral movement within the network. Privilege escalation could allow attackers to gain administrative control over the device, undermining the security posture of the affected infrastructure. Given that Exagid EX10 devices are often deployed in enterprise and government environments for secure data storage, exploitation could lead to compromise of critical data assets. The medium severity score reflects that while the vulnerability does not directly impact system availability or integrity, the confidentiality breach and privilege escalation potential can have significant operational and compliance consequences, especially under stringent European data protection regulations such as GDPR. Organizations may face data breach notification requirements and reputational damage if exploited.

Mitigation Recommendations

To mitigate CVE-2025-47184, European organizations should:

1) Immediately inventory and identify all Exagid EX10 devices in their environment and verify firmware versions to determine exposure.
2) Apply vendor-released patches or firmware updates as soon as they become available for versions 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 or later.
3) Restrict access to the /init API endpoint by implementing network segmentation and firewall rules to limit access only to trusted management hosts and administrators.
4) Enforce strong authentication and authorization controls to minimize the number of users with any access to the device, reducing the attack surface for authenticated but unprivileged attackers.
5) Monitor device logs and network traffic for unusual XML payloads or repeated failed attempts to access the /init endpoint, which may indicate exploitation attempts.
6) Disable or restrict XML external entity processing in the device configuration if possible, or request vendor guidance on secure XML parsing configurations.
7) Conduct regular security assessments and penetration tests focusing on API endpoints to detect similar injection vulnerabilities.

These steps go beyond generic advice by focusing on immediate access control, monitoring, and configuration hardening specific to the vulnerable API and device type.
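One way to approach the monitoring in step 5, as an added example that is not from the original page or from the vendor: request bodies captured for /init are run through Python's expat bindings, and any body that declares a DTD or entities, or that fails to parse, is listed for review. The record fields, user names and the `<message>` element are assumptions, since the page does not describe the ISys message format or the device's log layout.

```python
import xml.parsers.expat as expat


def dtd_findings(body: bytes) -> set:
    """Parse a request body with expat and report DTD constructs.

    Nothing is fetched: no ExternalEntityRefHandler is set, so expat
    never resolves external entities while inspecting the body.
    """
    findings = set()
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.add("doctype")
        if system_id or public_id:
            findings.add("external-dtd")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        external = bool(system_id or public_id)
        findings.add("external-entity" if external else "internal-entity")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(body, True)
    except expat.ExpatError:
        findings.add("malformed")
    return findings


def review_init_requests(records):
    """Return (user, findings) for each /init request whose body needs review."""
    hits = []
    for rec in records:
        if rec["path"] != "/init":
            continue
        found = dtd_findings(rec["body"])
        if found:
            hits.append((rec["user"], sorted(found)))
    return hits


# Constructed records: field names and the <message> element are placeholders.
BENIGN = b"<message><op>status</op></message>"
WITH_DTD = (b'<!DOCTYPE message [<!ENTITY e SYSTEM "file:///constructed-placeholder">]>'
            b"<message><op>status</op></message>")
SAMPLE = [
    {"user": "alice", "path": "/init", "body": BENIGN},
    {"user": "bob", "path": "/init", "body": WITH_DTD},
    {"user": "carol", "path": "/init", "body": WITH_DTD.decode().encode("utf-16")},
    {"user": "dave", "path": "/status", "body": WITH_DTD},
]
```

Because the body goes through a real XML parser, the check applies to the document as the parser sees it, including bodies sent in UTF-16 that a byte-pattern match on the raw request would not cover.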


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-05-02T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68a71c96ad5a09ad00110278

Added to database: 8/21/2025, 1:18:14 PM

Last enriched: 9/11/2025, 7:10:40 PM

Last updated: 10/7/2025, 1:50:00 PM
