CVE-2025-7823
BaseFortify
Publication date: 2025-07-19
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jinher | jinher_oa | 1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
| CWE-610 | The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7823 is a critical XML External Entity (XXE) injection vulnerability in Jinher OA version 1.2, specifically in the ProjectScheduleDelete.aspx endpoint. It occurs because the application improperly processes XML input containing external entity references without validation or disabling them. This allows unauthenticated attackers to send specially crafted XML documents that cause the server to process external entities, leading to data exfiltration and other malicious actions. [1, 2, 3]
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow unauthenticated attackers to read arbitrary files on the server, perform server-side request forgery (SSRF) attacks, scan internal networks, potentially achieve remote code execution, and exfiltrate sensitive configuration data using out-of-band techniques. This can compromise the confidentiality, integrity, and availability of the affected system. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted XML payloads containing external entity references to the vulnerable endpoint /c6/Jhsoft.Web.Project/ProjectOffice/ProjectScheduleDelete.aspx/. Example detection payloads include XML documents with DOCTYPE declarations referencing external entities. Additionally, vulnerable targets can be identified using Google dorking with queries such as inurl:ProjectScheduleDelete.aspx. Monitoring network traffic for outbound HTTP requests to attacker-controlled servers after sending such payloads can also indicate exploitation attempts. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling XML External Entity processing in the XML parser (e.g., setting XmlResolver to null in .NET), implementing strict input validation to reject XML documents containing DOCTYPE declarations or external entities, restricting outbound network connections from the server to prevent data exfiltration, applying egress filtering and network controls, deploying Web Application Firewall (WAF) rules to detect and block XXE attempts, and keeping the system updated with vendor patches. If possible, replace the affected component with an alternative product. [2, 3]