APM 10.8 CVE-2025-31672

Article ID: 405607

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

A Nessus scan of Introscope EM 10.8.0.86 and 10.8.1.86 reported CVE-2025-31672 against the files below.

  • apmintroscope/product/sha2/configuration/org.eclipse.osgi/208/0/.cp/poi-scratchpad-5.2.1.jar (installed version: 5.2.1)
  • apmintroscope/product/sha2/configuration/org.eclipse.osgi/208/0/.cp/poi-ooxml-5.2.1.jar (installed version: 5.2.1)
  • apmintroscope/product/sha2/configuration/org.eclipse.osgi/208/0/.cp/poi-excelant-5.2.1.jar (installed version: 5.2.1)
  • apmintroscope/product/sha2/configuration/org.eclipse.osgi/208/0/.cp/poi-5.2.1.jar (installed version: 5.2.1)
  • apmintroscope/product/enterprisemanager/configuration/org.eclipse.osgi/208/0/.cp/poi-scratchpad-5.2.1.jar (installed version: 5.2.1)
  • apmintroscope/product/enterprisemanager/configuration/org.eclipse.osgi/208/0/.cp/poi-ooxml-5.2.1.jar (installed version: 5.2.1)
  • apmintroscope/product/enterprisemanager/configuration/org.eclipse.osgi/208/0/.cp/poi-excelant-5.2.1.jar (installed version: 5.2.1)
  • apmintroscope/product/enterprisemanager/configuration/org.eclipse.osgi/208/0/.cp/poi-5.2.1.jar (installed version: 5.2.1)

Environment

Application Performance Management 10.8.0.86

Resolution

The latest build, 10.8.0.211, ships Apache POI 5.2.1; internally we have upgraded to 5.2.5.

Vulnerability details:

Apache POI Vulnerable to Arbitrary File Read via Improper Input Validation in Parsing of Duplicate ZIP Entry Names

BDSA, BDSA-2025-3084, CVE-2025-31672, Published 4/10/2025, Updated 4/10/2025

Apache POI contains a flaw in how it parses OOXML format files. A remote attacker may be able to supply a victim with a modified OOXML file containing entries with a duplicate name; when the file is parsed, crafted data may in turn be read and potentially executed.
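As an added defensive check that is not part of the original article: OOXML files are ZIP packages, so an inbound document can be screened for the duplicate entry names this CVE concerns before it reaches a POI-based parser. The script below reports every name that appears more than once in the ZIP central directory; the sample packages it builds are constructed inline and are not real workbooks.

```python
import io
import sys
import warnings
import zipfile
from collections import Counter


def duplicate_zip_entries(data: bytes) -> dict[str, int]:
    """Return {entry_name: count} for every ZIP entry name that occurs more
    than once. A well-formed OOXML package never repeats a name, and a
    parser that resolves a name by first or last match can be steered to
    read the crafted copy, which is the condition CVE-2025-31672 describes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def is_suspicious_ooxml(data: bytes) -> bool:
    """True if the package should be quarantined rather than parsed."""
    return bool(duplicate_zip_entries(data))


def build_sample(duplicate: bool) -> bytes:
    """Constructed minimal OOXML-like package for demonstration only."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns on duplicate names
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("[Content_Types].xml", "<Types/>")
            zf.writestr("xl/workbook.xml", "<workbook/>")
            if duplicate:
                # Second entry with the same name; a lenient parser may
                # silently pick this copy instead of the first one.
                zf.writestr("xl/workbook.xml", "<workbook><!-- crafted --></workbook>")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python check_ooxml.py file.xlsx [file.docx ...]
    # With no arguments, runs against the constructed samples.
    targets = sys.argv[1:]
    inputs = [(p, open(p, "rb").read()) for p in targets] if targets else [
        ("clean-sample", build_sample(False)),
        ("duplicate-sample", build_sample(True)),
    ]
    for label, blob in inputs:
        dupes = duplicate_zip_entries(blob)
        status = "SUSPICIOUS" if dupes else "ok"
        print(f"{label}: {status} {dupes if dupes else ''}".rstrip())
```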