CVE-2025-49493

MEDIUM EXPLOITED NUCLEI

Akamai CloudTest <60 - XXE Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-49493 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including SystemVll. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python-based exploit for CVE-2025-49493, an XXE vulnerability in Akamai CloudTest. The exploit crafts malicious SOAP requests to trigger XXE attacks, potentially leading to information disclosure, SSRF, or DoS.

Description

Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.

Exploits (1)

nomisec WORKING POC 1 stars
by SystemVll · infoleak
https://github.com/SystemVll/CVE-2025-49493

This repository contains a functional Python-based exploit for CVE-2025-49493, an XXE vulnerability in Akamai CloudTest. The exploit crafts malicious SOAP requests to trigger XXE attacks, potentially leading to information disclosure, SSRF, or DoS.

Classification
Working Poc 95%
Attack Type
Xxe
Complexity
Moderate
Reliability
Reliable
Target: Akamai CloudTest before 60 2025.06.02 (12988)
No auth needed
Prerequisites: Python 3.6+ · requests · urllib3 · colored · pyfiglet · target list · XXE server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Akamai CloudTest < 60 2025.06.02 - XML External Entity (XXE)
CRITICALVERIFIEDby xbow,3th1c_yuk1
Shodan: html:"Akamai CloudTest"

References (3)

Core 3

Scores

CVSS v3 5.8
EPSS 0.0186
EPSS Percentile 83.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2025-07-31
CWE
CWE-611
Status published
Products (1)
Akamai/CloudTest < 12988
Published Jun 30, 2025
Tracked Since Feb 18, 2026