Common Weakness Enumeration

CWE-611

Allowed

Improper Restriction of XML External Entity Reference

Abstraction: Base · Status: Draft

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1691 vulnerabilities reference this CWE, most recent first.

CVE-2025-22478 (GCVE-0-2025-22478)

Vulnerability from cvelistv5 – Published: 2025-05-06 15:55 – Updated: 2026-02-26 18:28
VLAI
Summary
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
Vendor Product Version
Dell Dell Storage Center - Dell Storage Manager Affected: N/A , < 2020 R1.21 (semver)
Create a notification for this product.
Date Public
2025-05-05 17:00
Credits
Dell would like to thank sradulea for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22478",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T03:56:10.316595Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:52.481Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Dell Storage Center - Dell Storage Manager",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2020 R1.21",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell would like to thank sradulea for reporting this issue."
        }
      ],
      "datePublic": "2025-05-05T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.\u003cbr\u003e"
            }
          ],
          "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-06T15:55:03.918Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-22478",
    "datePublished": "2025-05-06T15:55:03.918Z",
    "dateReserved": "2025-01-07T06:04:12.135Z",
    "dateUpdated": "2026-02-26T18:28:52.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-15251 (GCVE-0-2025-15251)

Vulnerability from cvelistv5 – Published: 2025-12-30 14:02 – Updated: 2025-12-30 14:29
VLAI
Title
beecue FastBee SIP Message ReqAbstractHandler.java getRootElement xml external entity reference
Summary
A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: "Okay, we'll handle it as soon as possible."
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - XML External Entity Reference
  • CWE-610 - Externally Controlled Reference
Assigner
References
URL Tags
https://vuldb.com/?id.338641 vdb-entrytechnical-description
https://vuldb.com/?ctiid.338641 signaturepermissions-required
https://gitee.com/beecue/fastbee/issues/ID7HNZ issue-tracking
https://gitee.com/beecue/fastbee/issues/ID7HNZ#no… issue-tracking
Impacted products
Vendor Product Version
beecue FastBee Affected: 2.0
Affected: 2.1
Create a notification for this product.
Credits
VulDB Gitee Analyzer
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15251",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-30T14:29:14.007553Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-30T14:29:30.146Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "SIP Message Handler"
          ],
          "product": "FastBee",
          "vendor": "beecue",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB Gitee Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: \"Okay, we\u0027ll handle it as soon as possible.\""
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.1,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Externally Controlled Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T14:02:10.910Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-338641 | beecue FastBee SIP Message ReqAbstractHandler.java getRootElement xml external entity reference",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.338641"
        },
        {
          "name": "VDB-338641 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.338641"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://gitee.com/beecue/fastbee/issues/ID7HNZ"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://gitee.com/beecue/fastbee/issues/ID7HNZ#note_47777408_link"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-29T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-29T10:13:37.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "beecue FastBee SIP Message ReqAbstractHandler.java getRootElement xml external entity reference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-15251",
    "datePublished": "2025-12-30T14:02:10.910Z",
    "dateReserved": "2025-12-29T09:08:25.743Z",
    "dateUpdated": "2025-12-30T14:29:30.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14543 (GCVE-0-2025-14543)

Vulnerability from cvelistv5 – Published: 2026-04-30 15:25 – Updated: 2026-06-17 17:16
VLAI
Title
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.
Summary
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
RTI
References
Impacted products
Vendor Product Version
RTI Connext Professional Affected: 7.4.0 , < 7.7.0 (custom)
Affected: 7.0.0 , < 7.3.1.1 (custom)
Affected: 6.1.0 , < 6.1.* (custom)
Affected: 6.0.0 , < 6.0.* (custom)
Affected: 5.3.0 , < 5.3.* (custom)
Affected: 4.3x , < 5.2.* (custom)
Create a notification for this product.
Date Public
2026-04-23 15:12
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14543",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-30T15:42:00.570103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-30T15:42:40.955Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Core Libraries"
          ],
          "packageName": "connext_professional",
          "packageURL": "pkg:generic/connext_professional",
          "product": "Connext Professional",
          "vendor": "RTI",
          "versions": [
            {
              "lessThan": "7.7.0",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.1.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.*",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.*",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.3.*",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.*",
              "status": "affected",
              "version": "4.3x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.7.0",
                  "versionStartIncluding": "7.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.3.1.1",
                  "versionStartIncluding": "7.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.*",
                  "versionStartIncluding": "6.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.*",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.3.*",
                  "versionStartIncluding": "5.3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.2.*",
                  "versionStartIncluding": "4.3x",
                  "vulnerable": true
                }
              ],
              "negated": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-23T15:12:47.958Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.\u003c/p\u003e"
            }
          ],
          "value": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-201",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-201 Serialized Data External Linking"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Security Extensions Enabled"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T17:16:23.061Z",
        "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "shortName": "RTI"
      },
      "references": [
        {
          "url": "https://www.rti.com/vulnerabilities/#cve-2025-14543"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.",
      "x_generator": {
        "engine": "RTI Lubna 1.16.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
    "assignerShortName": "RTI",
    "cveId": "CVE-2025-14543",
    "datePublished": "2026-04-30T15:25:10.180Z",
    "dateReserved": "2025-12-11T15:00:13.943Z",
    "dateUpdated": "2026-06-17T17:16:23.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14478 (GCVE-0-2025-14478)

Vulnerability from cvelistv5 – Published: 2026-01-17 07:27 – Updated: 2026-04-08 17:16
VLAI
Title
Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload
Summary
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in vulnerable configurations. This only impacts sites on versions of PHP older than 8.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
Impacted products
Vendor Product Version
kraftplugins Demo Importer Plus Affected: 0 , ≤ 2.0.9 (semver)
Create a notification for this product.
Credits
Lorenzo Franchini
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14478",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-20T19:10:05.470176Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-20T19:23:29.088Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Demo Importer Plus",
          "vendor": "kraftplugins",
          "versions": [
            {
              "lessThanOrEqual": "2.0.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lorenzo Franchini"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in vulnerable configurations. This only impacts sites on versions of PHP older than 8.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:16:27.643Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2971aa0-8287-4142-bd04-7aec1ed92e7b?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/demo-importer-plus/trunk/inc/importers/class-demo-importer-plus-sites-helper.php#L88"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/demo-importer-plus/tags/2.0.6/inc/importers/class-demo-importer-plus-sites-helper.php#L88"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3439643/demo-importer-plus/trunk/inc/importers/class-demo-importer-plus-sites-helper.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-10T18:54:11.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2026-01-16T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Demo Importer Plus \u003c= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-14478",
    "datePublished": "2026-01-17T07:27:37.627Z",
    "dateReserved": "2025-12-10T18:36:47.883Z",
    "dateUpdated": "2026-04-08T17:16:27.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13209 (GCVE-0-2025-13209)

Vulnerability from cvelistv5 – Published: 2025-11-15 18:32 – Updated: 2025-11-17 15:58
VLAI
Title
bestfeng oa_git_free WorkflowPredefineController.java updateWriteBack xml external entity reference
Summary
A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes xml external entity reference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - XML External Entity Reference
  • CWE-610 - Externally Controlled Reference
Assigner
References
URL Tags
https://vuldb.com/?id.332528 vdb-entrytechnical-description
https://vuldb.com/?ctiid.332528 signaturepermissions-required
https://vuldb.com/?submit.685626 third-party-advisory
https://github.com/bkglfpp/CVE-md/blob/main/%E4%B… exploit
Impacted products
Vendor Product Version
bestfeng oa_git_free Affected: 9.0
Affected: 9.1
Affected: 9.2
Affected: 9.3
Affected: 9.4
Affected: 9.5
Create a notification for this product.
Credits
youran (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13209",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-17T15:58:27.666432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-17T15:58:53.721Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "oa_git_free",
          "vendor": "bestfeng",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.1"
            },
            {
              "status": "affected",
              "version": "9.2"
            },
            {
              "status": "affected",
              "version": "9.3"
            },
            {
              "status": "affected",
              "version": "9.4"
            },
            {
              "status": "affected",
              "version": "9.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "youran (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\\server\\c-flow\\src\\main\\java\\com\\cloudweb\\oa\\controller\\WorkflowPredefineController.java. This manipulation of the argument writeProp causes xml external entity reference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in bestfeng oa_git_free up to 9.5 gefunden. Hierbei geht es um die Funktion updateWriteBack der Datei yimioa-oa9.5\\server\\c-flow\\src\\main\\java\\com\\cloudweb\\oa\\controller\\WorkflowPredefineController.java. Dank der Manipulation des Arguments writeProp mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Externally Controlled Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-15T18:32:06.823Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-332528 | bestfeng oa_git_free WorkflowPredefineController.java updateWriteBack xml external entity reference",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.332528"
        },
        {
          "name": "VDB-332528 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.332528"
        },
        {
          "name": "Submit #685626 | https://gitee.com/bestfeng/oa_git_free oa_git_free 8.0 XML external entity injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.685626"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/bkglfpp/CVE-md/blob/main/%E4%BA%91%E7%BD%91%E5%8D%8F%E5%90%8C%E5%8A%9E%E5%85%AC%E7%B3%BB%E7%BB%9F/XXE.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-14T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-11-14T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-11-14T20:06:01.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "bestfeng oa_git_free WorkflowPredefineController.java updateWriteBack xml external entity reference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-13209",
    "datePublished": "2025-11-15T18:32:06.823Z",
    "dateReserved": "2025-11-14T19:00:50.250Z",
    "dateUpdated": "2025-11-17T15:58:53.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12531 (GCVE-0-2025-12531)

Vulnerability from cvelistv5 – Published: 2025-11-03 19:47 – Updated: 2025-11-03 20:15
VLAI
Title
IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability
Summary
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7249881 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM InfoSphere Information Server Affected: 11.7.0.0 , ≤ 11.7.1.6 (semver)
    cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12531",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-03T20:15:14.254640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:15:28.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "InfoSphere Information Server",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.7.1.6",
              "status": "affected",
              "version": "11.7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
            }
          ],
          "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-03T19:47:40.992Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7249881"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eIBM InfoSphere Information Server\u003c/td\u003e\u003ctd\u003e11.7.0.0 to 11.7.1.6\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000006k4z/dt454196\"\u003eDT454196\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e--Apply IBM InfoSphere Information Server version \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/878310\"\u003e11.7.1.0\u003c/a\u003e\u0026nbsp;\u003cbr\u003e--Apply IBM InfoSphere Information Server version \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7156680\"\u003e11.7.1.5\u003c/a\u003e\u0026nbsp;or \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7182872\"\u003e11.7.1.6\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e--Apply IBM Information Server \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FIBM+InfoSphere+Information+Server\u0026amp;fixids=patch_DT454196_DSQS_11715_11716\u0026amp;source=SAR\"\u003esecurity patch\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "IBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT454196 https://www.ibm.com/mysupport/s/defect/aCIgJ0000006k4z/dt454196 --Apply IBM InfoSphere Information Server version  11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version  11.7.1.5 https://www.ibm.com/support/pages/node/7156680 \u00a0or  11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM Information Server  security patch https://www.ibm.com/support/fixcentral/quickorder"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-12531",
    "datePublished": "2025-11-03T19:47:40.992Z",
    "dateReserved": "2025-10-30T18:30:29.562Z",
    "dateUpdated": "2025-11-03T20:15:28.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11700 (GCVE-0-2025-11700)

Vulnerability from cvelistv5 – Published: 2025-11-12 15:30 – Updated: 2025-12-15 14:22
VLAI
Title
N-central Multiple XXE Injection Vulnerabilities
Summary
N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
Impacted products
Vendor Product Version
N-able N-central Affected: 0 , < 2025.4 (custom)
Create a notification for this product.
Date Public
2025-11-12 15:28
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11700",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-12T18:25:57.168247Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-12T18:26:05.203Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "N-central",
          "vendor": "N-able",
          "versions": [
            {
              "lessThan": "2025.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-11-12T15:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eN-central versions \u0026lt; 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "N-central versions \u003c 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-250",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-250 XML Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-15T14:22:02.364Z",
        "orgId": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b",
        "shortName": "N-able"
      },
      "references": [
        {
          "url": "https://me.n-able.com/s/security-advisory/aArVy0000000rabKAA"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "N-central Multiple XXE Injection Vulnerabilities",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a5532a13-c4dd-4202-bef1-e0b8f2f8d12b",
    "assignerShortName": "N-able",
    "cveId": "CVE-2025-11700",
    "datePublished": "2025-11-12T15:30:38.691Z",
    "dateReserved": "2025-10-13T17:34:15.895Z",
    "dateUpdated": "2025-12-15T14:22:02.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-11341 (GCVE-0-2025-11341)

Vulnerability from cvelistv5 – Published: 2025-10-06 17:02 – Updated: 2025-10-06 19:58
VLAI
Title
Jinher OA type xml external entity reference
Summary
A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - XML External Entity Reference
  • CWE-610 - Externally Controlled Reference
Assigner
References
URL Tags
https://vuldb.com/?id.327226 vdb-entry
https://vuldb.com/?ctiid.327226 signaturepermissions-required
https://vuldb.com/?submit.664613 third-party-advisory
https://github.com/rookie1006/CVE/issues/2 exploitissue-tracking
Impacted products
Vendor Product Version
Jinher OA Affected: 2.0
Create a notification for this product.
Credits
rookie1129 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11341",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-06T19:57:58.223505Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-06T19:58:06.825Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OA",
          "vendor": "Jinher",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "rookie1129 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo\u0026style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited."
        },
        {
          "lang": "de",
          "value": "In Jinher OA up to 2.0 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo\u0026style=1. Durch Manipulation mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Externally Controlled Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-06T17:02:05.698Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-327226 | Jinher OA type xml external entity reference",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.327226"
        },
        {
          "name": "VDB-327226 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.327226"
        },
        {
          "name": "Submit #664613 | Jinher OA v2.0 XML External Entity Reference",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.664613"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/rookie1006/CVE/issues/2"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-06T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-06T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-06T07:42:20.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Jinher OA type xml external entity reference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11341",
    "datePublished": "2025-10-06T17:02:05.698Z",
    "dateReserved": "2025-10-06T05:37:17.399Z",
    "dateUpdated": "2025-10-06T19:58:06.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11140 (GCVE-0-2025-11140)

Vulnerability from cvelistv5 – Published: 2025-09-29 04:02 – Updated: 2025-09-29 11:48
VLAI
Title
Bjskzy Zhiyou ERP com.artery.richclient.RichClientService openForm xml external entity reference
Summary
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - XML External Entity Reference
  • CWE-610 - Externally Controlled Reference
Assigner
References
URL Tags
https://vuldb.com/?id.326217 vdb-entrytechnical-description
https://vuldb.com/?ctiid.326217 signaturepermissions-required
https://vuldb.com/?submit.658090 third-party-advisory
https://github.com/FightingLzn9/vul/blob/main/%E6… exploit
Impacted products
Vendor Product Version
Bjskzy Zhiyou ERP Affected: 11.0
Create a notification for this product.
Credits
nu11 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11140",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-29T11:48:15.926314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-29T11:48:35.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "com.artery.richclient.RichClientService"
          ],
          "product": "Zhiyou ERP",
          "vendor": "Bjskzy",
          "versions": [
            {
              "status": "affected",
              "version": "11.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "nu11 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Bjskzy Zhiyou ERP up to 11.0 entdeckt. Dabei betrifft es die Funktion openForm der Komponente com.artery.richclient.RichClientService. Durch die Manipulation des Arguments contentString mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Externally Controlled Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T04:02:05.086Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-326217 | Bjskzy Zhiyou ERP com.artery.richclient.RichClientService openForm xml external entity reference",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.326217"
        },
        {
          "name": "VDB-326217 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.326217"
        },
        {
          "name": "Submit #658090 | Beijing ShiKong-ZhiYou Technology ShiKong-ZhiYou ERP 11.0 XXE",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.658090"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/FightingLzn9/vul/blob/main/%E6%97%B6%E7%A9%BA%E6%99%BA%E5%8F%8Berp-3.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-28T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-28T20:47:37.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Bjskzy Zhiyou ERP com.artery.richclient.RichClientService openForm xml external entity reference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11140",
    "datePublished": "2025-09-29T04:02:05.086Z",
    "dateReserved": "2025-09-28T18:42:31.177Z",
    "dateUpdated": "2025-09-29T11:48:35.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-11035 (GCVE-0-2025-11035)

Vulnerability from cvelistv5 – Published: 2025-09-26 18:32 – Updated: 2025-09-26 18:49
VLAI
Title
Jinher OA text xml external entity reference
Summary
A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - XML External Entity Reference
  • CWE-610 - Externally Controlled Reference
Assigner
References
URL Tags
https://vuldb.com/?id.325982 vdb-entry
https://vuldb.com/?ctiid.325982 signaturepermissions-required
https://vuldb.com/?submit.658253 third-party-advisory
https://github.com/frwfxc123/CVE/issues/1 exploitissue-tracking
Impacted products
Vendor Product Version
Jinher OA Affected: 2.0
Create a notification for this product.
Credits
ffff1123 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11035",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-26T18:49:33.182711Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-26T18:49:58.495Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OA",
          "vendor": "Jinher",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ffff1123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl\u0026style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized."
        },
        {
          "lang": "de",
          "value": "In Jinher OA 2.0 wurde eine Schwachstelle gefunden. Dies betrifft einen unbekannten Teil der Datei /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl\u0026style=1. Mittels Manipulieren mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Externally Controlled Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-26T18:32:07.735Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-325982 | Jinher OA text xml external entity reference",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.325982"
        },
        {
          "name": "VDB-325982 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.325982"
        },
        {
          "name": "Submit #658253 | Jinher OA V2.0 XML External Entity Reference",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.658253"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/frwfxc123/CVE/issues/1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-26T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-26T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-26T10:55:42.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Jinher OA text xml external entity reference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11035",
    "datePublished": "2025-09-26T18:32:07.735Z",
    "dateReserved": "2025-09-26T08:50:39.186Z",
    "dateUpdated": "2025-09-26T18:49:58.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation System Configuration

Many XML parsers and validators can be configured to disable external entity expansion.

CAPEC-221: Data Serialization External Entities Blowup

This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.