CVE-2025-2070
CVSS 3.1 Score 5 of 10 (medium)
Details
Published Apr 25, 2025
Updated: Apr 29, 2025
CWE ID 611
Summary
CVE-2025-2070 is an XML parsing vulnerability affecting the FileZ client. A local user who visits a specially crafted URL can exploit this flaw, resulting in arbitrary file reads on the system. This issue could potentially lead to serious data breaches or system compromises. The vulnerability arises due to the client's failure to adequately sanitize XML input, enabling attackers to execute malicious code and access sensitive files. Users are advised to update their FileZ client software as soon as a patch becomes available to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.