CVE-2025-54967

6.5 MEDIUM
XXE

📋 TL;DR

This vulnerability in BAE SOCET GXP allows XML External Entity (XXE) attacks through malicious files. Attackers can trick users into opening specially crafted files to trigger outbound requests, potentially exposing sensitive information. Users of SOCET GXP versions before 4.6.0.3 are affected.

💻 Affected Systems

Products:
  • BAE Systems SOCET GXP
Versions: All versions before 4.6.0.3
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in XML parsing functionality when processing certain file types.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of sensitive geospatial data through exfiltration, system reconnaissance, and potential server-side request forgery attacks.

🟠 Likely Case: Information disclosure through outbound requests to attacker-controlled servers, potentially exposing internal network details or file contents.

🟢 If Mitigated: Limited impact with proper user training and file validation controls in place.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires social engineering to get user to open malicious file. No authentication bypass needed once file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.6.0.3 or later

Vendor Advisory: https://www.geospatialexploitationproducts.com/content/socet-gxp/vulnerabilities-disclosure/#cve-2025-54967

Restart Required: No

Instructions:

1. Download SOCET GXP version 4.6.0.3 or later from BAE Systems.
2. Install the update following vendor instructions.
3. Verify the installation completed successfully.

🔧 Temporary Workarounds

Disable external entity processing (applies to: all)
  • Configure XML parsers to disallow external entity resolution

User training and file validation (applies to: all)
  • Train users to only open trusted files and implement file validation controls

🧯 If You Can't Patch

  • Implement strict file validation policies to block untrusted XML files
  • Use application whitelisting to restrict which files SOCET GXP can open
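As an added example (not code from this page or from BAE Systems), the following pre-open check implements the file validation control described above: it lists every external DTD and external entity a file declares, without resolving any of them, using Python's bundled expat parser. The sample documents and the external.invalid URLs are constructed for the demonstration; SOCET GXP's real file formats are not described on this page, so the check assumes the files in question are plain XML.

```python
import xml.parsers.expat as expat


def external_references(xml_bytes: bytes) -> list[str]:
    """Inspect an XML document's prolog without fetching anything and return
    the reasons it should be rejected before an application opens it.
    An empty list means no external DTD, external entity or parse error was seen."""
    reasons = []
    parser = expat.ParserCreate()
    # Never expand parameter entities: expat then skips an external DTD subset
    # instead of retrieving it, so we only observe what the file declares.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            reasons.append(f"DOCTYPE {name} loads an external DTD: {system_id or public_id}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id or public_id:
            kind = "parameter" if is_param else "general"
            reasons.append(f"external {kind} entity {name!r} -> {system_id or public_id}")

    def on_external_ref(context, base, system_id, public_id):
        # Reached only if an external entity reference is actually expanded in
        # content. Record it and return 1 without opening anything, so the
        # parser treats the entity as empty and continues.
        reasons.append(f"reference to external entity {system_id or public_id}")
        return 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as err:
        reasons.append(f"not well-formed XML: {err}")
    return reasons


# Constructed samples (hypothetical, not real SOCET GXP project files).
CLEAN = b'<?xml version="1.0"?><gxp><layer name="roads"/></gxp>'
EXTERNAL_ENTITY = (b'<?xml version="1.0"?><!DOCTYPE gxp ['
                   b'<!ENTITY ext SYSTEM "http://external.invalid/data">]>'
                   b'<gxp>&ext;</gxp>')
EXTERNAL_DTD = b'<!DOCTYPE gxp SYSTEM "http://external.invalid/gxp.dtd"><gxp/>'

if __name__ == "__main__":
    for label, doc in [("clean", CLEAN), ("entity", EXTERNAL_ENTITY), ("dtd", EXTERNAL_DTD)]:
        print(label, "->", external_references(doc) or "ok to open")
```

Files for which the list is non-empty should be quarantined rather than handed to the application; a well-formed file with no DOCTYPE at all returns an empty list.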

🔍 How to Verify

Check if Vulnerable:

Check the SOCET GXP version in the Help > About menu. If the version is below 4.6.0.3, the installation is vulnerable.

Check Version:

Open the Help > About menu in the SOCET GXP application.

Verify Fix Applied:

After patching, confirm that the version shown in Help > About is 4.6.0.3 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound network connections from SOCET GXP process
  • Multiple failed file parsing attempts
  • User opening unusual file types

Network Indicators:

  • Outbound HTTP/HTTPS requests to unusual domains from SOCET GXP
  • DNS lookups triggered by external entity or DTD references in opened files

SIEM Query:

process_name:"socetgxp.exe" AND (destination_ip:external OR dns_query:contains(".dtd"))
