CVE-2025-53621: DSpace is vulnerable to XML External Entity injection during archive imports
Two related XXE injection possibilities have been discovered, impacting all versions of DSpace prior to 7.6.4, 8.2 and 9.1.
- External entities are not disabled when parsing XML files during import of an archive (in Simple Archive Format), either from the command line (./dspace import command) or from the “Batch Import (Zip)” user interface feature. (Likely impacts all versions of DSpace 1.x <= 7.6.3, 8.0 <= 8.1, and 9.0)
- External entities are also not explicitly disabled when parsing XML responses from some upstream services (ArXiv, Crossref, OpenAIRE, Creative Commons) used in import from external sources via the user interface or REST API. (Impacts all versions of DSpace 7.0 <= 7.6.3, 8.0 <= 8.1 and 9.0)
An XXE injection in these files may result in a connection being made to an attacker’s site or a local path readable by the Tomcat user, with content potentially being injected into a metadata field. In the latter case, this may result in sensitive content disclosure, including retrieving arbitrary files or configurations from the server where DSpace is running or content from remote URLs. The ability to include content from a remote URL could result in a request forgery attack, and disclosure of sensitive information in the response.
The Simple Archive Format (SAF) importer / Batch Import (Zip) is only usable by site administrators (from user interface / REST API) or system administrators (from command-line). Therefore, to exploit this vulnerability, the malicious payload would have to be provided by an attacker and trusted by an administrator (who would trigger the import).
- The most severe practical impact is a case where an attacker obtains DSpace administrator credentials and uses the Batch Import feature with a malicious SAF archive to expose sensitive local files readable by the Tomcat user, or secrets and access tokens from an authenticated service via request forgery.
- An attacker without administrative credentials might use some other tactic to convince an administrator to import a malicious SAF archive they have supplied.
The Import from External Sources feature has a narrower attack vector. While this feature is usable by any DSpace Submitter, the malicious payload must be provided by the external source (e.g. arXiv, Crossref, OpenAIRE, or Creative Commons). No known method exists for an attacker to inject XXE via content uploads. Instead, the service itself would need to be compromised in such a way that it would inject a malicious payload into its API response.
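The mitigation for both cases is to parse the incoming XML with DTDs and external entities disabled. The following is an added example, not DSpace's code and not the fix in the referenced pull requests: a JAXP DocumentBuilder hardened for reading a SAF dublin_core.xml, tried on a constructed benign file and on a constructed file carrying a DOCTYPE with an external entity (placeholder SYSTEM URI), which the hardened parser rejects before any entity is resolved. The class name SafMetadataParser and its method names are made up for the example.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
public class SafMetadataParser {
    // Constructed sample of a SAF dublin_core.xml as the importer would read it.
    static final String BENIGN =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
      + "<dublin_core schema=\"dc\">\n"
      + "  <dcvalue element=\"title\" qualifier=\"none\">Sample item</dcvalue>\n"
      + "</dublin_core>";
    // Constructed sample with a DOCTYPE declaring an external entity (placeholder URI).
    static final String WITH_DOCTYPE =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE dublin_core [<!ENTITY ext SYSTEM \"file:///placeholder\">]>\n"
      + "<dublin_core schema=\"dc\">\n"
      + "  <dcvalue element=\"title\" qualifier=\"none\">&ext;</dcvalue>\n"
      + "</dublin_core>";
    /** DocumentBuilder with DTDs, external entities and XInclude all disabled. */
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse any DOCTYPE outright; this alone blocks classic XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that must tolerate a DTD elsewhere.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }
    /** Returns the first dcvalue text, or null when the document was rejected. */
    static String parseFirstValue(String xml) throws Exception {
        try {
            Document doc = hardenedBuilder().parse(new InputSource(new StringReader(xml)));
            return doc.getElementsByTagName("dcvalue").item(0).getTextContent();
        } catch (SAXParseException e) {
            return null; // DOCTYPE present: reject the archive rather than import it
        }
    }
    public static void main(String[] args) throws Exception {
        System.out.println("benign archive: " + parseFirstValue(BENIGN));
        System.out.println("archive with DOCTYPE: " + parseFirstValue(WITH_DOCTYPE));
    }
}
```

Until an upgrade to a fixed release is possible, the same check (refuse any archive whose XML files contain a DOCTYPE) can be applied to SAF archives received from outside before an administrator imports them.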
References
- github.com/DSpace/DSpace
- github.com/DSpace/DSpace/pull/11032
- github.com/DSpace/DSpace/pull/11032.patch
- github.com/DSpace/DSpace/pull/11034
- github.com/DSpace/DSpace/pull/11034.patch
- github.com/DSpace/DSpace/pull/11035
- github.com/DSpace/DSpace/pull/11035.patch
- github.com/DSpace/DSpace/security/advisories/GHSA-jjwr-5cfh-7xwh
- github.com/advisories/GHSA-jjwr-5cfh-7xwh
- nvd.nist.gov/vuln/detail/CVE-2025-53621