AI description
CVE-2025-49493 affects Akamai CloudTest before version 60 2025.06.02 (12988). It involves a file inclusion vulnerability due to XML External Entity (XXE) injection. The vulnerability is located in multiple SOAP endpoints, such as /concerto/services/CollectorService, /concerto/services/Concerto, and /concerto/services/SampleService. The vulnerability has been fixed by disabling DTD processing entirely, preventing XXE attacks at the parser level.
- Description
- Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.8
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
- Severity
- MEDIUM
- cve@mitre.org
- CWE-611
- Hype score
- Not currently trending
🚨 CVE-2025-49493 - critical 🚨 Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE) > Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External ... 👾 https://t.co/0yqpzdO53m @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
12 Jul 2025
350 Impressions
4 Retweets
9 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-49493 : Akamai CloudTest Allows File Inclusion via XML External Entity (XXE) injection. @B1ackash https://t.co/4T2nU5oZ1M
@freedomhack101
5 Jul 2025
70 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-49493:Akamai CloudTest Allows File Inclusion via XML External Entity (XXE) injection. #infosec #infosecurity #OSINT #Vulnerability https://t.co/96eCulQU9m
@B1ackash
4 Jul 2025
46 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/VpBPgtzToX 🚨🚨CVE-2025-49493: Akamai CloudTest is vulnerable to XXE Injection! Attackers can exploit the SOAP endpoint for file inclusion. 🔥PoC: https://t.co/ch49ccf4I5 Search by vul.cve https://t.co/4pr3
@zoomeye_team
3 Jul 2025
847 Impressions
3 Retweets
13 Likes
3 Bookmarks
0 Replies
1 Quote
CVE-2025-49493 : Poc Akamai CloudTest - XXE Injection Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection through the /concerto/servic es/ RepositoryService SOAP endpoint. https://t.co/RyKrBz6yZz https://t.co/WiYUaaNQT6
@freedomhack101
2 Jul 2025
89 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
GitHub - MuhammadWaseem29/CVE-2025-49493-Poc - https://t.co/P2SoPOfCHN
@piedpiper1616
2 Jul 2025
768 Impressions
2 Retweets
8 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2025-49493 XML External Entity (XXE) Injection Vulnerability in Akamai Cloud... https://t.co/LfGuzFGRol Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
1 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-49493 Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection. https://t.co/ha3xuK7ItM
@CVEnew
30 Jun 2025
420 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Even mature products hide critical flaws – and @XBOW just found another one. CVE-2025-49493: XXE in Akamai CloudTest discovered during our climb to #1 on HackerOne. A complete technical breakdown from an error-based detection to a full exfiltration by @djurado9 https://t.co/
@Xbow
30 Jun 2025
25529 Impressions
35 Retweets
180 Likes
66 Bookmarks
6 Replies
7 Quotes