When processing user-provided XML documents, Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not, by default, disable the resolution of URI references in a DTD declaration. A document submitted by a client could therefore declare an external entity pointing at a local file or internal URL and have the parser expand it, enabling an XML External Entity (XXE) attack (CWE-611). The fix shipped in Spring Framework 4.0.5 and 3.2.9, which turn DTD support and external entity processing off by default in the XML message converters.
Use the CWE-611 entry, the Pivotal Software vendor hub and the Spring Framework product page to place CVE-2014-0225 in its surrounding weakness, vendor and product context.
Compare it with CVE-2016-5007, CVE-2016-9878 and CVE-2013-6429 for nearby disclosures in the same product family. Additional editorial context is available in Cybersecurity Weekly Roundup: April 27, 2026 — Critical Zero-Days and Framework Failures.