CVE-2025-31497

7.5 HIGH

📋 TL;DR

TEIGarage's Document Conversion Service contains a critical XML External Entity (XXE) Injection vulnerability that allows attackers to read arbitrary files from the server's filesystem. This affects all TEIGarage deployments using vulnerable versions, potentially exposing configuration files, credentials, or other sensitive data. The vulnerability could also enable server-side request forgery (SSRF) attacks against internal services.

💻 Affected Systems

Products:
  • TEIGarage
Versions: All versions before 1.2.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Document Conversion Service component specifically. All deployments using vulnerable versions are affected regardless of configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise through credential theft, sensitive data exfiltration, and lateral movement via SSRF to internal services.

🟠 Likely Case: Unauthorized reading of sensitive files containing credentials, configuration data, or application secrets.

🟢 If Mitigated: Limited impact if external entity processing is disabled or proper network segmentation prevents SSRF.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XXE vulnerabilities are well-understood and easily exploitable with standard XXE payloads. No authentication required to access the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.4

Vendor Advisory: https://github.com/TEIC/TEIGarage/security/advisories/GHSA-w2hq-3cjc-2x55

Restart Required: Yes

Instructions:

  1. Back up the current configuration and data.
  2. Stop the TEIGarage service.
  3. Update to version 1.2.4 via package manager or manual installation.
  4. Restart the TEIGarage service.
  5. Verify functionality.

🔧 Temporary Workarounds

Disable External Entity Processing

all

Configure the XML parser to disable external entity resolution by enabling secure processing features.

Set XMLConstants.FEATURE_SECURE_PROCESSING to true in XML parser configuration

🧯 If You Can't Patch

  • Implement network-level controls to restrict TEIGarage's access to internal services and sensitive file paths.
  • Deploy a web application firewall (WAF) with XXE protection rules to block malicious XML payloads.

🔍 How to Verify

Check if Vulnerable:

Check the TEIGarage version. If the version is earlier than 1.2.4, the system is vulnerable. Test with this XXE payload:

<?xml version="1.0"?><!DOCTYPE root [<!ENTITY test SYSTEM "file:///etc/passwd">]><root>&test;</root>

Check Version:

Check the TEIGarage application logs or configuration files for version information, or use the package manager query appropriate for your installation method.

Verify Fix Applied:

After patching to 1.2.4, attempt the same XXE test payload. It should return an error or empty response instead of file contents.

📡 Detection & Monitoring

Log Indicators:

  • Unusual XML parsing errors
  • File system access attempts from TEIGarage process
  • Large XML file uploads with DOCTYPE declarations

Network Indicators:

  • HTTP requests containing XML with external entity references
  • Outbound connections from TEIGarage server to unexpected internal services

SIEM Query:

source="teigarage" AND (message="*DOCTYPE*" OR message="*ENTITY*" OR message="*XXE*")
