CVE-2025-5877
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fengoffice | feng_office | 3.2.2.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
| CWE-610 | The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5877 is a blind XML External Entity (XXE) vulnerability in Feng Office version 3.2.2.1, specifically in the document upload functionality. The vulnerability arises because the application improperly parses XML content from uploaded documents (such as DOCX and ODT) using unsafe libxml parser options that allow external entity expansion. This enables an attacker to craft malicious XML documents that can exfiltrate local files or perform Server-Side Request Forgery (SSRF) attacks. Additionally, if certain PHP extensions like PECL expect are installed, or depending on the PHP version, the vulnerability can escalate to Remote Code Execution (RCE). The attack can be launched remotely without user interaction. [1, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to exfiltrate sensitive local files from the server, perform SSRF attacks to access internal resources, and potentially execute arbitrary code remotely if certain conditions are met (such as the presence of the PECL expect extension or specific PHP versions). This compromises the confidentiality, integrity, and availability of your system and data. The attack requires low privileges and no user interaction, making it relatively easy to exploit remotely. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if your Feng Office installation is version 3.2.2.1 or later and if it uses the vulnerable document upload functionality involving the file /application/models/ApplicationDataObject.class.php. You can also detect potential exploitation attempts by monitoring for unusual HTTP requests containing XML payloads with external entity definitions. Additionally, Google dorking can be used to find vulnerable targets by searching for inurl:application/models/ApplicationDataObject.class.php. Specific commands to detect exploitation attempts are not provided, but monitoring web server logs for XML uploads with DOCTYPE declarations referencing external entities is recommended. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include reviewing and removing unsafe libxml parser options such as LIBXML_NOENT, LIBXML_XINCLUDE, LIBXML_NOERROR, and LIBXML_NOWARNING that enable loading and expansion of external entities. Disable external entity loading unless strictly necessary. Validate and sanitize all XML content before parsing. Since no known countermeasures or patches exist, it is suggested to replace the affected component or upgrade to a version where this vulnerability is fixed. Monitoring for exploitation attempts and restricting document upload functionality can also help reduce risk. [2, 3]