CVE-2025-52888 | allure-framework allure2 up to 2.34.0 XML Parser DocumentBuilderFactory xml external entity reference (GHSA-h7qf-qmf3-85qg / EUVD-2025-19057)

A vulnerability classified as critical has been found in allure-framework allure2 up to 2.34.0. Affected is the function DocumentBuilderFactory of the component XML Parser. The manipulation leads to xml external entity reference.

This vulnerability is traded as CVE-2025-52888. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More