CVE-2025-47293
- Source
- https://cve.org/CVERecord?id=CVE-2025-47293
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47293.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-47293
- Aliases
- Published
- 2025-06-19T21:35:40.992Z
- Modified
- 2026-04-12T16:30:26.970583Z
- Severity
-
- 2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- PowSyBl Core XML Reader allows XXE and SSRF
- Details
-
PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity (XXE) attack and to a server-side request forgery (SSRF) attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive files on the system. The vulnerable class is com.powsybl.commons.xml.XmlReader which is considered to be untrusted in use cases where untrusted users can submit their XML to the vulnerable methods. This can be a multi-tenant application that hosts many different users perhaps with different privilege levels. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-611", "CWE-918" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/47xxx/CVE-2025-47293.json" }- References
-
- https://github.com/powsybl/powsybl-core/releases/tag/v6.7.2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/47xxx/CVE-2025-47293.json
- https://github.com/powsybl/powsybl-core/security/advisories/GHSA-qpj9-qcwx-8jv2
- https://nvd.nist.gov/vuln/detail/CVE-2025-47293
- https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc
Affected packages
Git / github.com/powsybl/powsybl-core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/powsybl/powsybl-core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/powsybl/powsybl-core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.1.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v2.6.0
v3.*
v3.0.0
v3.3.0-RC1
v3.5.0-RC1
v3.7.0-RC1
v3.8.0-RC1
v4.*
v4.0.0-RC1
v4.1.0-RC1
v4.10.0-RC1
v4.2.0-RC1
v4.4.0-RC1
v4.5.0-RC1
v4.6.0-RC1
v4.7.0-RC1
v4.8.0-RC1
v4.9.0-RC1
v5.*
v5.0.0-RC1
v5.1.0-RC1
v5.2.0-RC1
v5.3.0
v6.*
v6.0.0-RC1
v6.1.0
v6.2.0-RC1
v6.3.0
v6.4.0-RC1
v6.5.0-RC1
v6.6.0-RC1
v6.7.0
v6.7.0-RC1
v6.7.1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47293.json"
vanir_signatures_modified
"2026-04-12T16:30:26Z"
vanir_signatures
[
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "316400845947264385968526695032824037259",
"length": 1078.0
},
"id": "CVE-2025-47293-0827c6ce",
"deprecated": false,
"target": {
"file": "commons/src/main/java/com/powsybl/commons/config/PropertiesModuleConfigRepository.java",
"function": "writeXml"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"48156170255604131124829310200696827323",
"235176432978056269913952479781658665072",
"57591785703911199421150314881941387651",
"283901052374438105347937792758160682541",
"268598135601223192584902635137392200627",
"11532155480265811672291988663492315675",
"169893115198204014006097589727701827337",
"116367611318750290370812284315617482691",
"162539620189612853910986187155561558772",
"167558447121284829812748390275018561757",
"97540512709393698621503751444726363988",
"210745984145477646569584665238777254584",
"179736685895741463195750204616827303300",
"121161374140576897725376944696198350307",
"48996861698972422156775410330429227932",
"258154066186809852307147487983741663858",
"135414373379717453396119557778268567517",
"82353669580909696749203729193753711586",
"190936513083357753991633420071551580305",
"305189443259684490095443880216238562901",
"245452849678759989343332434765339345391",
"116145769419144108434819983160381242970",
"7207511936671146582332504555815381893",
"258154066186809852307147487983741663858",
"135414373379717453396119557778268567517",
"120470765234788756761438160655078601919",
"134327943566990019033198197066560858519",
"15964554588966363373608869513377675885",
"294333259003488059304711384620458148066",
"122157193116697078632041401422454822879",
"112111568237088251399493256894852078288",
"58322505377706651676415368823159558048"
]
},
"id": "CVE-2025-47293-09b907ea",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-model/src/main/java/com/powsybl/cgmes/model/NamespaceReader.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"143864080135593612781859452652257918470",
"274664711287427727772560302125215483893",
"123207867255340921415540117493596279785",
"311240969882348787844807603860066603861",
"55666489236607286528328741514431132500",
"168849246607594098428730665039909285480",
"338914475446787687335946733316176678740",
"258180816469447494463205069879859834212",
"144062200567354267649124357788288327297",
"164997938055483882869335642172635077505",
"52265855769222651015823205360113419918",
"49822181847572988489015352418603735008",
"145840431534314704810525182465528805417",
"282388649326859878177511863932884095227",
"66139458824615417635798984455949798922",
"38945740890690872392625739319842069002",
"93478913181720315340007405673879446482",
"283273051093156612350233808903199189180",
"232465850654900667121815277597174816504",
"311523697613014477684727360743172100272",
"143822330822945595665007534557622279671",
"225610871928993570791911322965260542805",
"74297522798758261871615160268629654097",
"261895249665474708508946175986257346600",
"313066310605989188345186443923754192260",
"71780129521042734687661918967862929640",
"1185564951309224327425149938353709195",
"227369889028721657790548442121090058396"
]
},
"id": "CVE-2025-47293-0ce5d3ea",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-model/src/main/java/com/powsybl/cgmes/model/FullModel.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "44464024484937820540603087543353288472",
"length": 1104.0
},
"id": "CVE-2025-47293-1086e7ee",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/SteadyStateHypothesisExportTest.java",
"function": "readSshControlAreas"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"310430691398292962000175019310048499075",
"215056999673281874285887478477236060447",
"79248297326618691255877687776269558323",
"283901052374438105347937792758160682541",
"142653269479114852968718738443347641226",
"200847778801387881801538532143270006497",
"251619313222742698786045053722152607207",
"82518641009486668549366532095341984816",
"239259149200182852511773759320980793318",
"158325468946712030140717714754035010394",
"38668049077882924563045921583274622264",
"273231232491475791070079751805578693922"
]
},
"id": "CVE-2025-47293-18fad834",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/ConversionUtil.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "50431686793386853631022844353491111193",
"length": 491.0
},
"id": "CVE-2025-47293-1bcb7034",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/CommonGridModelExportTest.java",
"function": "readId"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "17711666299811037467778711885024439823",
"length": 183.0
},
"id": "CVE-2025-47293-2a446d83",
"deprecated": false,
"target": {
"file": "commons/src/main/java/com/powsybl/commons/xml/XmlReader.java",
"function": "close"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "197336715258418286622104715091693841624",
"length": 913.0
},
"id": "CVE-2025-47293-2ba9b576",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-model/src/main/java/com/powsybl/cgmes/model/FullModel.java",
"function": "parse"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "199335280355318510246683731811130112727",
"length": 558.0
},
"id": "CVE-2025-47293-31522cc8",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/CgmesExportTest.java",
"function": "xmlFileContainsRegulatingControl"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"40892228593543401525808460006800562264",
"205666829173104617612241582517461360455",
"146923086118474240574758681240690581352",
"62417980637610528263813003991757808892",
"155941636509455780516221376172040804311",
"105060375260771427304302406994587365503",
"95392232235881409416409102417137475078",
"242306898248197938969143023737969724264",
"246820872753161149843485371199120286633",
"164897259858668834753461817654532381080",
"236790883735156557564042648787393379990",
"177951750394478197210746434754188777688",
"254993906624634715971978333301635459980",
"281340162542837083248452674296956071844"
]
},
"id": "CVE-2025-47293-32f07a2c",
"deprecated": false,
"target": {
"file": "commons/src/main/java/com/powsybl/commons/config/XmlModuleConfigRepository.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"16798515891159584294993653681558889853",
"334216729230977803548907854801264736612",
"324365152605018052404878380884890678797",
"134042350168625940132266974210408199223",
"310466682313922315761148775444850793654",
"40881078523475758765482078892905260361",
"283901052374438105347937792758160682541",
"268598135601223192584902635137392200627",
"7276519854896108829300260096003045604",
"135634897061052186591653480361114584725",
"66472789918821788116055798307010834635",
"289200989662643021093490820714643861022",
"108641375997631213535348188687564609678",
"226546135293639023308560485306455817321",
"24065191691531707804994859800845135149",
"70692946655654924302284732818279678178",
"318268749775950551841152436382986715379",
"27647607566686832265176534427281374249",
"285796662508648361382684528732795975378",
"9474942879737733231845203449212162947",
"220076421303793816797461889642729848978",
"250612141101501550369647077424538732508",
"285771229836308933893077622797614947993",
"49587483795452031323948137556954889510",
"313535780647345303649401722615782739300"
]
},
"id": "CVE-2025-47293-3344412d",
"deprecated": false,
"target": {
"file": "commons/src/main/java/com/powsybl/commons/xml/XmlReader.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "69155033242040197370936561799593577373",
"length": 559.0
},
"id": "CVE-2025-47293-34c4cac6",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-model/src/main/java/com/powsybl/cgmes/model/NamespaceReader.java",
"function": "namespaces1"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "125237843174952915397552580414280556560",
"length": 520.0
},
"id": "CVE-2025-47293-36b48dbb",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/CommonGridModelExportTest.java",
"function": "readVersion"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"235372533157844506423360589891356323506",
"273169991353053517160548705320641255766",
"69321813711442255993918257622231927869",
"318721501566250388846928256020563216862",
"176875884948226367539411594171025005269",
"40788012429306442584179149210562352669",
"278962387445860700201175035270345226449",
"103427621168394893909848936514133143389",
"256948437624364079233336031084051439494",
"300054643413836560922062004627819155328",
"186084762160053948399187183539553700001",
"89838117278109236757827168386283118561",
"272014381935633440147782131131501152428",
"166779424917995007921756928694805038565",
"270987728490909853737819721592491420361",
"7955926535107162072821099267508946808"
]
},
"id": "CVE-2025-47293-3ebfb095",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/StateVariablesExportTest.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "272512645757685822508070528680529566927",
"length": 489.0
},
"id": "CVE-2025-47293-41f774c2",
"deprecated": false,
"target": {
"file": "commons/src/test/java/com/powsybl/commons/xml/XmlUtilTest.java",
"function": "readTextTest"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"322769116296111541348853484515566496812",
"303763651943111797729558253395099549368",
"64047115498508229389913753986825090066",
"238320239854482067070673274859531398933",
"8610863308687448316151522049594358234",
"243006779023474554202010397864540775813",
"58144041513178058110766885363629582788",
"47689729357932847216496414167575572732",
"150695571181715143499001253287828100608",
"225026793891074081240959939940605687483",
"67594893476498673768745765367229108767"
]
},
"id": "CVE-2025-47293-42f007d9",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/SteadyStateHypothesisExportTest.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "243927737466096175131237210699308487246",
"length": 327.0
},
"id": "CVE-2025-47293-46934e32",
"deprecated": false,
"target": {
"file": "commons/src/test/java/com/powsybl/commons/xml/XmlUtilTest.java",
"function": "readUntilStartElementTest"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "145986420218622151879779998389250981191",
"length": 883.0
},
"id": "CVE-2025-47293-5e3b9e6a",
"deprecated": false,
"target": {
"file": "iidm/iidm-serde/src/main/java/com/powsybl/iidm/serde/XMLImporter.java",
"function": "exists"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "259173382365639923795652624251089821854",
"length": 1127.0
},
"id": "CVE-2025-47293-652b3095",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/StateVariablesExportTest.java",
"function": "readSvTapSteps"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"248316270378060703599091578460756056542",
"287934322133445194452860656138128641525",
"261993962913874429780509446692676311637",
"144111862562626659153848815215243932330",
"33432475210086618953957575357205686196",
"176503754287811143166292790845083319708",
"274780788617075780964707110677959865992",
"242737677400139430523547567737574801776",
"28223423692993117969376163892808000533",
"183835742579707862507705043683169399194",
"135047983396513202612952551333993532324"
]
},
"id": "CVE-2025-47293-669f3ef9",
"deprecated": false,
"target": {
"file": "commons/src/main/java/com/powsybl/commons/config/PropertiesModuleConfigRepository.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"249386467659414866052281027219143807343",
"25641330651690171428970960131719367932",
"58946223450524584762318588273314063677",
"283901052374438105347937792758160682541",
"222122785767648519936215394609841275622",
"104623418420221223665243357576150593886",
"53514718451383907373675931350566263801",
"219577837439009032055063341753599736913",
"190941281229840761153801289032944818037",
"106582292048409222470073846311150281029",
"36983492495352222611979472744916892659",
"1952174386530663919022831733397253033"
]
},
"id": "CVE-2025-47293-6e905a8f",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/CgmesExportTest.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "300245884283698853734063138095733171560",
"length": 2014.0
},
"id": "CVE-2025-47293-7277a51a",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/main/java/com/powsybl/cgmes/conversion/CgmesImport.java",
"function": "separateByModelingAuthority"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"234393195560199414917946401344516980963",
"55108360419370959056099393069103932160",
"115867557980154733281647782759123545100",
"153127321501738911100627968720289088835",
"101526499375208268443067559848837315874",
"126443730757556775709854412297993053460",
"92139682546188685938746392388226776733",
"307246994066418994003761321290799637251",
"245932215964250048544010717808367324089",
"234517646010784643216170997165629791840"
]
},
"id": "CVE-2025-47293-72ed93c9",
"deprecated": false,
"target": {
"file": "cim-anonymiser/src/test/java/com/powsybl/cim/CimAnonymizerTest.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"40417446684519269143970191099047103609",
"128378151874147757505657087702065019417",
"32493812922175357257109147923236327688",
"210376040021688769276501855599683405421",
"252412818639346388832107438470588509483",
"148798075119967643759379142046983789095",
"87356129894517539947764712947069333880",
"218808349573063668842613942653057518156",
"111257463650343436115525641394534016488",
"148798075119967643759379142046983789095",
"87356129894517539947764712947069333880",
"38737716459616949964304722744286516158",
"33291778742972337081563424300735986964",
"232663768629569463238227470693162491550",
"47308022649586604765741391536854674923",
"88626511651897254263298314257466046928",
"173735891343003241095707666027990802585",
"43210863863727358672509912393722716672",
"199116558450520380436998156432313000000",
"195766495418963738842708094598201534937",
"71944507563020421233403995448121255132",
"304183410422277585166395764653830143566",
"263396909828861150808817275666350854593"
]
},
"id": "CVE-2025-47293-8028730d",
"deprecated": false,
"target": {
"file": "commons/src/test/java/com/powsybl/commons/xml/XmlUtilTest.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"310864061953189463936415141374114834812",
"218980742155913636811602306300997503387",
"40612167786544008131072112100956895033",
"260935847205842969449824904720393598373",
"152801718704109371997083918773602099891",
"252296295551098817685231320359368922836",
"157420783391837108509833481260652593165",
"161122458723110774159550526273886717538",
"153656830864519386745591894294722804839",
"57581625682384743979772140537418990945",
"119574219482497854848870297433790905700",
"232094719940152986846702208508677581431",
"281700801655320544785703099840842533435",
"211320033015151925382495958739456027315",
"99299874025405857254502124209251539150",
"309268083638961450263317532693944513770",
"51110997335750151913422334695618020965",
"250554021845480744318437438628702468130",
"133341468182505065778052894616462503147"
]
},
"id": "CVE-2025-47293-83fd0efe",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/main/java/com/powsybl/cgmes/conversion/CgmesImport.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "280411460102542394809240436476245827439",
"length": 212.0
},
"id": "CVE-2025-47293-882f7e37",
"deprecated": false,
"target": {
"file": "iidm/iidm-serde/src/main/java/com/powsybl/iidm/serde/XMLImporter.java",
"function": "cleanClose"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "145640318800593923158392662214046116071",
"length": 479.0
},
"id": "CVE-2025-47293-8af5d219",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-model/src/main/java/com/powsybl/cgmes/model/NamespaceReader.java",
"function": "base"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"241975263118957681538013782507598137760",
"273912754348273206179373340105186807286",
"58946223450524584762318588273314063677",
"283901052374438105347937792758160682541",
"273354869728322719741476206731678281153",
"293373541032676530330293315750808772087",
"65253450996221627012809831261134719269",
"229241181220153132291002874771316186386",
"251685271416570695213524599541923514442",
"124802120398808705872404323858228651712",
"116525559539966847505496787418866770338",
"317406295407910950532771852165175190072",
"2806732824649855714024285786367201778",
"72117894405308322805826737683076981169",
"116525559539966847505496787418866770338",
"212769698831863211627884860591040693835"
]
},
"id": "CVE-2025-47293-93fdef0e",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/CommonGridModelExportTest.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "301348560707788930192746582935212016423",
"length": 1261.0
},
"id": "CVE-2025-47293-942a5012",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/SteadyStateHypothesisExportTest.java",
"function": "readSshLinearShuntCompensator"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "107489680687943091802897570350703868884",
"length": 409.0
},
"id": "CVE-2025-47293-a54a68dc",
"deprecated": false,
"target": {
"file": "commons/src/main/java/com/powsybl/commons/xml/XmlReader.java",
"function": "XmlReader"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "311776636090640947449939210648025437220",
"length": 1184.0
},
"id": "CVE-2025-47293-ace7f4e3",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/StateVariablesExportTest.java",
"function": "readSvShuntCompensatorSections"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "270159108867536168943764777695720215052",
"length": 764.0
},
"id": "CVE-2025-47293-b33d3630",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/StateVariablesExportTest.java",
"function": "readFirstTopologicalIslandDescription"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "176493240183563220598377533741662111240",
"length": 1201.0
},
"id": "CVE-2025-47293-b3fd6d9f",
"deprecated": false,
"target": {
"file": "commons/src/test/java/com/powsybl/commons/xml/XmlUtilTest.java",
"function": "readAttributes"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"26447560942865799585292242148372536399",
"330825242492351910102577856069424363973",
"44981725356962821264988810158689981607",
"325369260739957543817994130381280571971",
"147756877321451049922279678938671669275",
"72647901742740039936060957548839571235",
"158635646645522792063774064639958508328",
"244251724341473673949857843069670292376"
]
},
"id": "CVE-2025-47293-b6cf1fd5",
"deprecated": false,
"target": {
"file": "cim-anonymiser/src/main/java/com/powsybl/cim/CimAnonymizer.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "197114564698066739373288319254727723644",
"length": 586.0
},
"id": "CVE-2025-47293-d8e234d3",
"deprecated": false,
"target": {
"file": "commons/src/test/java/com/powsybl/commons/xml/XmlUtilTest.java",
"function": "nestedReadUntilEndElementWithDepthTest"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "167697650655665309849421686240111573484",
"length": 932.0
},
"id": "CVE-2025-47293-ddd22ec5",
"deprecated": false,
"target": {
"file": "commons/src/main/java/com/powsybl/commons/config/XmlModuleConfigRepository.java",
"function": "XmlModuleConfigRepository"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "336134060720131839376863549012361805899",
"length": 524.0
},
"id": "CVE-2025-47293-ec88ab7e",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/ConversionUtil.java",
"function": "xmlContains"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"137098382018588191463635912104683814814",
"104340236346374833146029145698093216172",
"277167823327181611926680581398132750524",
"71633615813757539914869626017372555489",
"70344164602223948196716821450798456072",
"150435160165297295569634813789378224256",
"283901052374438105347937792758160682541",
"266227966542388966072537122544237311205",
"132864321745532741379594142893204275252",
"285516369111502823711628597521457950874",
"57596736191996830845641502062080819413",
"135250411275682496388826218566300122968",
"71915255461223039399666905051882682642",
"111028650098338877921058119961592148717",
"26664218263420900721305988754915097593",
"12133467447169618593789778006272683303",
"279165575566150603430172483783518081083",
"108114497868109504644174727773064456004",
"184736020439008569403661742327949706873",
"111985129161630948258346618670108862216",
"100659671196162955987337048784659611285",
"170070138051137243068705681083808340151",
"241957370041920799050379791472153403080",
"113129225847576386904270223328922387396",
"45062056021005449186854742843193594950",
"26668636075337697690601825106161696372"
]
},
"id": "CVE-2025-47293-ef7775c5",
"deprecated": false,
"target": {
"file": "iidm/iidm-serde/src/main/java/com/powsybl/iidm/serde/XMLImporter.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"65952298702144144256875140041773236420",
"87442981186740851864711009452517840076",
"58946223450524584762318588273314063677",
"283901052374438105347937792758160682541",
"39996400075447590157520680842354315214",
"20594848185549852069598916659132667762",
"82649462137704701291879575267292756016",
"174729364366736146604110636652391133194",
"66515417294055129707520160425115433234",
"255067005582581049570889307760691197798",
"67594893476498673768745765367229108767"
]
},
"id": "CVE-2025-47293-f1a6c76a",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/issues/TapChangerNeutralStepTest.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "201840416541847276403655809727744563889",
"length": 544.0
},
"id": "CVE-2025-47293-faf88a62",
"deprecated": false,
"target": {
"file": "commons/src/test/java/com/powsybl/commons/xml/XmlUtilTest.java",
"function": "readUntilEndElementWithDepthTest"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"118664493483189721612506409656010098102",
"283701309574053065212100072775311845828",
"170292217019761048672672995756087726322",
"103468013214672504055668180296240272397",
"315059568414582143981719481985746398761",
"661329809641957314487571886544771164",
"277742038443628348688376705469037168196",
"104118832503308456513911205852874854990",
"161841126227487122585109404420058347019",
"229064898320935378807929360230461999486",
"20705613034340564261182916229295969689"
]
},
"id": "CVE-2025-47293-fb6202c5",
"deprecated": false,
"target": {
"file": "commons/src/main/java/com/powsybl/commons/xml/XmlUtil.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/powsybl/powsybl-core/commit/e6c7c4997ae8758b54a2f23ce1a499e25113acdc",
"digest": {
"function_hash": "73175231181739767880374790676492173140",
"length": 880.0
},
"id": "CVE-2025-47293-ffee0b64",
"deprecated": false,
"target": {
"file": "cgmes/cgmes-conversion/src/test/java/com/powsybl/cgmes/conversion/test/export/issues/TapChangerNeutralStepTest.java",
"function": "readTapChangerNeutralSteps"
}
}
]