Jinher OA type xml external entity reference_CVE-2025-11341

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Basic Information

ID CVE-2025-11341

Source VulDB

Published Oct 6, 2025 at 17:02

Modified Oct 6, 2025 at 19:58

Affected Product

Vendor Jinher

Product OA

Version 2.0

Affected Versions Jinher OA 2.0

CWE Classification

CWE-611 CWE-610

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.",
    "published": "2025-10-06T17:02:05.698Z",
    "modified": "2025-10-06T19:58:06.825Z",
    "type": "cve",
    "title": "Jinher OA type xml external entity reference",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327226\nhttps://vuldb.com/?ctiid.327226\nhttps://vuldb.com/?submit.664613\nhttps://github.com/rookie1006/CVE/issues/2",
    "id": "CVE-2025-11341",
    "bulletinFamily": "",
    "cwe": [
        "CWE-611",
        "CWE-610"
    ],
    "cvelist": null,
    "sourceData": "Jinher OA 2.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OA",
    "version": "2.0",
    "vendor": "Jinher",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}