CVE-2023-35815

low-risk

Published 2025-04-28

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.

Do I need to act?

0.18% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.5/10 Low

NETWORK / HIGH complexity

Devexpress

Devexpress

Vendor Advisory https://code-white.com/public-vulnerability-list/

Permissions Required https://supportcenter.devexpress.com/ticket/details/t1141947/data-source-protect...

Permissions Required https://supportcenter.devexpress.com/ticket/details/t1159142/web-reporting-data-...

Permissions Required https://supportcenter.devexpress.com/ticket/details/t394936/devexpress-security-...

/ 100

low-risk

Severity 12/34 · Low

Exploitability 1/34 · Minimal

Exposure 10/34 · Low