CVE-2025-7523

A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
7.3 HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
jinherjinher_oa
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability
https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability?tab=readme-ov-file#proof-of-concept
https://vuldb.com/?ctiid.316220
https://vuldb.com/?id.316220
https://vuldb.com/?submit.611183
https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability