CVE-2025-15251
Unknown Unknown - Not Provided
XML External Entity Vulnerability in FastBee SIP Message Handler

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: VulDB

Description
A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: "Okay, we'll handle it as soon as possible."
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-14
NVD
CVE-2025-15251
EUVD
EUVD-2025-205776
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
beecue fastbee 2.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-611 The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CWE-610 The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the getRootElement function of the SIP Message Handler component in beecue FastBee up to version 2.1. It involves XML External Entity (XXE) reference manipulation, which allows an attacker to exploit the system remotely by injecting malicious XML content. The attack is considered difficult to execute due to its high complexity.

Impact Analysis

The vulnerability can lead to unauthorized disclosure, modification, or destruction of data because it affects confidentiality, integrity, and availability. Since it allows XML external entity injection, an attacker might access sensitive information or disrupt service remotely, although exploiting it is difficult.

Compliance Impact

The vulnerability allows remote attackers to read sensitive local files and exfiltrate their contents, impacting confidentiality, integrity, and availability of data. Such unauthorized data access and exfiltration could lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls over personal and sensitive information. Therefore, this vulnerability poses a risk to compliance with these standards by potentially exposing protected data. [1, 2]

Detection Guidance

Detection can be performed by monitoring and analyzing SIP MESSAGE traffic for suspicious XML payloads containing external entity references indicative of XXE attacks. Deploying security devices or network monitoring tools to detect and block such suspicious SIP MESSAGE requests is recommended. Specific commands are not provided, but monitoring UDP packets on the SIP service port (default 5061) for unusual XML content or unexpected outbound HTTP/FTP connections may help identify exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include: 1) Modify the XML parser in the getRootElement method to disable DTD declarations and external entity processing by setting the following features on the SAXReader parser: reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); 2) Upgrade the JDK running Fastbee to version 7u141 or later, or 8u162 or later, to prevent FTP external entity resolution. 3) Deploy security monitoring to detect and block suspicious SIP MESSAGE traffic indicative of XXE attacks. 4) Consider restricting network access to the SIP service port (default 5061) to trusted sources only. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15251. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart