{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T07:07:10.350","vulnerabilities":[{"cve":{"id":"CVE-2024-25066","sourceIdentifier":"cve@mitre.org","published":"2025-02-17T21:15:10.993","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur."},{"lang":"es","value":"RSA Authentication Manager anterior a la versión 8.7 SP2 Patch 1 permite ataques de entidad externa XML (XXE) a través de un archivo de licencia, lo que hace que los archivos controlados por el atacante se almacenen en el servidor del producto. No se puede producir la exfiltración de datos."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"references":[{"url":"https://community.rsa.com/s/advisories","source":"cve@mitre.org"},{"url":"https://community.rsa.com/s/article/RSA-Authentication-Manager-8-7-SP2-Patch-1-Readme","source":"cve@mitre.org"},{"url":"https://github.com/KaiwenTM/CVE_POC/blob/main/CVE-2024-25066.txt","source":"cve@mitre.org"},{"url":"https://www.rsa.com/en-us/company/vulnerability-response-policy","source":"cve@mitre.org"}]}}]}