CVE-2025-11341
BaseFortify
Publication date: 2025-10-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jinher | oa | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
| CWE-610 | The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11341 is a critical XML External Entity (XXE) injection vulnerability in Jinher OA version 2.0. It occurs in the handling of XML input at the endpoint /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx with query parameters ?type=SystemUserInfo&style=1 and also affects ProjectScheduleDelete.aspx. The vulnerability allows unauthenticated remote attackers to send specially crafted XML documents containing external entity references. The server processes these external entities improperly, enabling attackers to perform out-of-band data exfiltration and potentially other malicious actions by exploiting the XML parser's external entity resolution feature. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to remotely exploit the system without authentication. They can read arbitrary files on the server, perform server-side request forgery (SSRF), scan internal networks, and potentially achieve remote code execution. Sensitive system files and configuration data may be exposed, compromising confidentiality, integrity, and availability of the affected system. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted XML POST requests to the vulnerable endpoints such as `/c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1` or `ProjectScheduleDelete.aspx` containing XML payloads with DOCTYPE declarations referencing external entities. Detection involves monitoring for unusual outbound HTTP requests triggered by the XML parser resolving external entities. Commands to test include using curl to send XML payloads with external entity references to the endpoint and observing responses or network traffic for out-of-band data exfiltration. For example, a curl command to send a test XML payload with an external entity can be used to verify if the server processes external entities. Additionally, monitoring logs and network traffic for unexpected outbound connections to attacker-controlled servers can help detect exploitation attempts. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling XML external entity processing in the XML parser used by Jinher OA (e.g., setting XmlResolver to null in .NET environments), implementing strict input validation to reject XML documents containing DOCTYPE declarations, and restricting outbound network connections to prevent data exfiltration. Applying vendor security patches if available is critical. If patches are not available, consider replacing the affected product or using alternative data formats like JSON. Deploying Web Application Firewall (WAF) rules to detect and block XXE attack patterns and conducting regular security audits are also recommended to reduce risk. [2, 3]