CVE-2025-7473: Security improvement in parsing XML data

This document describes the security update implemented in Endpoint Central to enhance security when parsing XML files.

CVE-ID: CVE-2025-7473
Severity: Medium
Fixed build: 11.4.2516.17 (builds 11.4.2516.1 and below should upgrade to 11.4.2516.17)
Release date: 24 April 2025
Reported by: Chris Au via Zoho Corp Bug Bounty Program.

What was the problem?

A potential issue was identified where, under certain conditions, a specially crafted XML file could allow a non-admin user to perform actions typically reserved for admins.

Cloud applicability: Yes

How to fix it?

This issue has been identified and addressed in Endpoint Central builds released on 24 April 2025.

  1. Log in to the Endpoint Central console and click your current build number in the top right corner.
  2. You'll be able to find the latest build applicable to you. Download the PPM and update.

Contact support

For any further questions or concerns about this, please write to our support team.