CVE-2024-55969

9.1

Critical

Published:15 Dec 2024

Last updated:17 Jun 2026

Source:cve@mitre.org

Deferred

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

View on MITRE Find PoC on GitHub

Description

DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714.

References

cve@mitre.org

https://ej2.syncfusion.com/aspnetmvc/documentation/release-notes/27.1.55?type=all