CVE-2025-3241

04.04.2025, 11:15

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	6.3 MEDIUM				CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Vendor	Product	Version
zhangyanbo2007	youkefu	4.2.0

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/askqiu/cve/blob/main/README.md

Common Weakness Enumeration

References

https://github.com/askqiu/cve/blob/main/README.md

https://vuldb.com/?ctiid.303267

https://vuldb.com/?id.303267

https://vuldb.com/?submit.547585