CVE-2025-11341
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-06

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-06
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11341
EUVD
EUVD-2025-32159
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jinher oa 2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-611 The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CWE-610 The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11341 is a critical XML External Entity (XXE) injection vulnerability in Jinher OA version 2.0. It occurs in the handling of XML input at the endpoint /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx with query parameters ?type=SystemUserInfo&style=1 and also affects ProjectScheduleDelete.aspx. The vulnerability allows unauthenticated remote attackers to send specially crafted XML documents containing external entity references. The server processes these external entities improperly, enabling attackers to perform out-of-band data exfiltration and potentially other malicious actions by exploiting the XML parser's external entity resolution feature. [1, 2, 3]

Impact Analysis

This vulnerability can impact you by allowing attackers to remotely exploit the system without authentication. They can read arbitrary files on the server, perform server-side request forgery (SSRF), scan internal networks, and potentially achieve remote code execution. Sensitive system files and configuration data may be exposed, compromising confidentiality, integrity, and availability of the affected system. [2, 3]

Detection Guidance

This vulnerability can be detected by sending crafted XML POST requests to the vulnerable endpoints such as `/c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1` or `ProjectScheduleDelete.aspx` containing XML payloads with DOCTYPE declarations referencing external entities. Detection involves monitoring for unusual outbound HTTP requests triggered by the XML parser resolving external entities. Commands to test include using curl to send XML payloads with external entity references to the endpoint and observing responses or network traffic for out-of-band data exfiltration. For example, a curl command to send a test XML payload with an external entity can be used to verify if the server processes external entities. Additionally, monitoring logs and network traffic for unexpected outbound connections to attacker-controlled servers can help detect exploitation attempts. [3]

Mitigation Strategies

Immediate mitigation steps include disabling XML external entity processing in the XML parser used by Jinher OA (e.g., setting XmlResolver to null in .NET environments), implementing strict input validation to reject XML documents containing DOCTYPE declarations, and restricting outbound network connections to prevent data exfiltration. Applying vendor security patches if available is critical. If patches are not available, consider replacing the affected product or using alternative data formats like JSON. Deploying Web Application Firewall (WAF) rules to detect and block XXE attack patterns and conducting regular security audits are also recommended to reduce risk. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11341. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart