@xbow.com on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

XBOW

xbow.com

did:plc:gclnfv6x6e2fu4w4qp53m2xx

Even mature products hide critical flaws – and @xbow.com just found another one. CVE-2025-49493: XXE in Akamai CloudTest discovered during its climb to #1 on HackerOne. A complete technical breakdown from an error-based detection to a full exfiltration by Diego Jurado: https://xbow.com/blog/xbow-akamai-cloudtest-xxe/

2025-06-30T19:42:45.945Z