
CVE-2025-52162: n/a

Medium
Published: Fri Jul 18 2025 (07/18/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input.

AI-Powered Analysis

Last updated: 07/18/2025, 17:33:02 UTC

Technical Analysis

CVE-2025-52162 is a security vulnerability identified in agorum Software GmbH's Agorum core open versions 11.9.2 and 11.10.1. The vulnerability is classified as an XML External Entity (XXE) injection flaw, which occurs in the RSSReader endpoint of the affected software. XXE vulnerabilities arise when XML input containing a reference to an external entity is processed by an XML parser that does not properly restrict such references. In this case, an attacker can craft a malicious XML payload that exploits the RSSReader endpoint to trigger the XML parser to access external entities. This can lead to unauthorized disclosure of sensitive data residing on the server or accessible to the server, such as local files or internal network resources. The vulnerability does not require authentication, meaning that an attacker can exploit it without valid credentials, and it does not require user interaction beyond sending the crafted XML input to the vulnerable endpoint. Although no known exploits are currently reported in the wild, the presence of this vulnerability in versions 11.9.2 and 11.10.1 of Agorum core open indicates a significant risk if left unpatched. The lack of a CVSS score suggests that the vulnerability is newly published and has not yet been fully assessed for severity by standard scoring systems. The RSSReader endpoint is likely used to parse RSS feeds, and improper handling of XML input here opens a vector for attackers to extract sensitive information or potentially conduct further attacks such as server-side request forgery (SSRF) or denial of service, depending on the server's configuration and the XML parser's behavior.

Potential Impact

For European organizations using Agorum core open versions 11.9.2 or 11.10.1, this XXE vulnerability poses a significant risk to confidentiality and potentially availability. Sensitive internal files or configuration data could be exposed to attackers, leading to data breaches or leakage of intellectual property. Since the vulnerability does not require authentication, attackers can remotely exploit it, increasing the attack surface. This is particularly concerning for organizations handling sensitive or regulated data under GDPR, as unauthorized data disclosure could result in regulatory penalties and reputational damage. Additionally, exploitation could be leveraged as a foothold for further network intrusion or lateral movement within the organization’s infrastructure. The impact is heightened for organizations that integrate Agorum core open into critical business workflows or document management systems, as compromise here could disrupt operations or expose sensitive business information. Given the absence of known exploits in the wild, the risk is currently theoretical but could escalate rapidly once exploit code becomes available. European organizations should prioritize assessment and mitigation to avoid potential data breaches and compliance violations.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately identify any deployments of Agorum core open versions 11.9.2 or 11.10.1. Since no official patches or updates are currently linked, organizations should contact agorum Software GmbH for guidance on patch availability or workarounds. In the interim, organizations can implement the following specific measures:

1. Restrict access to the RSSReader endpoint by network segmentation or firewall rules to limit exposure to trusted internal users or IP ranges.
2. Employ Web Application Firewalls (WAFs) with rules designed to detect and block malicious XML payloads, particularly those containing external entity references.
3. Disable or configure the XML parser used by the RSSReader endpoint to disallow external entity processing, if configuration options are available.
4. Monitor logs for unusual XML input patterns or failed parsing errors that may indicate exploitation attempts.
5. Conduct internal audits of sensitive data accessible via the application to assess potential exposure.
6. Prepare incident response plans to quickly address any detected exploitation.

Organizations should also maintain up-to-date backups and ensure secure coding practices are followed in future software updates to prevent recurrence.
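Recommendations 3 and 4 in working form, as an added example that is not Agorum's code: the page does not say which XML parser the RSSReader endpoint uses, so this assumes Python's standard-library SAX parser, disables external entity resolution, rejects any DOCTYPE before the entities it declares can be processed, and returns the outcome as a record that can be logged. The function names and the two sample feeds are constructed for illustration.

```python
import io
import xml.sax
from xml.sax import handler
class DoctypeForbidden(ValueError):
    """A DOCTYPE was seen; RSS feeds never legitimately carry one."""

class RejectDoctype:
    """Lexical handler: expat reports a DOCTYPE before its entities are declared, so raising aborts early."""
    def startDTD(self, name, public_id, system_id):
        raise DoctypeForbidden(f"DOCTYPE {name!r} rejected (system id {system_id!r})")
    endDTD = startCDATA = endCDATA = comment = lambda self, *args: None  # harmless events

class TitleCollector(handler.ContentHandler):
    """Collects the text of every <title> element in the feed."""
    def __init__(self):
        super().__init__()
        self.titles, self._buf = [], None
    def startElement(self, name, attrs):
        if name == "title":
            self._buf = []
    def characters(self, content):
        if self._buf is not None:
            self._buf.append(content)
    def endElement(self, name):
        if name == "title":
            self.titles.append("".join(self._buf))
            self._buf = None

def parse_rss_titles(feed: bytes) -> list:
    """Hardened parse: external entities off, any DOCTYPE rejected (recommendation 3)."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, False)  # no external general entities
    parser.setFeature(handler.feature_external_pes, False)  # no external parameter entities
    parser.setProperty(handler.property_lexical_handler, RejectDoctype())
    collector = TitleCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(feed))
    return collector.titles

def screen_feed(feed: bytes) -> dict:
    """Wrap the parse in a loggable outcome record (recommendation 4); never raises."""
    try:
        return {"accepted": True, "titles": parse_rss_titles(feed), "reason": ""}
    except (DoctypeForbidden, xml.sax.SAXParseException) as exc:
        return {"accepted": False, "titles": [], "reason": str(exc)}

# Constructed sample inputs (not from the advisory): a plain feed and a DOCTYPE-bearing one.
BENIGN_FEED = b'<rss version="2.0"><channel><title>Feed</title><item><title>First</title></item></channel></rss>'
XXE_SHAPED_FEED = b'<!DOCTYPE rss [<!ENTITY ext SYSTEM "file:///constructed/secret.txt">]><rss><channel><title>&ext;</title></channel></rss>'
```

A rejected record carries the DOCTYPE name and system identifier, which is the signal recommendation 4 asks operators to watch for in parser logs.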


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 687a8163a83201eaacf547bb

Added to database: 7/18/2025, 5:16:19 PM

Last enriched: 7/18/2025, 5:33:02 PM

Last updated: 8/10/2025, 10:57:21 PM
