CVE-2025-15251
XML External Entity Vulnerability in FastBee SIP Message Handler

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: VulDB

Description
A vulnerability was detected in beecue FastBee up to 2.1. The affected function is getRootElement in the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. Manipulation of the XML body handed to this parser results in an XML external entity (XXE) reference. The attack can be launched remotely. A high complexity level is associated with this attack, and the exploitability is considered difficult. The project owner replied to the issue report: "Okay, we'll handle it as soon as possible."
Meta Information
Generated: 2026-05-06
AI Q&A generated: 2025-12-30
EPSS evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: beecue
Product: fastbee
Version / Range: 2.1 (the description covers all versions up to and including 2.1)
CWE
CWE-611 (Improper Restriction of XML External Entity Reference): The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CWE-610 (Externally Controlled Reference to a Resource in Another Sphere): The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the getRootElement function of the SIP Message Handler component in beecue FastBee up to version 2.1. The handler parses the XML body of incoming SIP messages, and the parser is not configured to refuse DTDs or external entities, so a remote attacker who can send SIP messages to the server can embed an external entity (XXE) in the XML and have the server resolve it. The attack is rated difficult to execute because of its high complexity.


How can this vulnerability impact me? :

The vulnerability is rated as affecting confidentiality, integrity, and availability. The outcomes typical of an XXE flaw are disclosure of local files readable by the service account (for example configuration files holding credentials), server-side requests from the SIP server to internal hosts (SSRF), and denial of service through entity expansion. All of this is reachable remotely over the SIP interface, although exploitation is considered difficult.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows remote attackers to read sensitive local files and exfiltrate their contents, impacting the confidentiality, integrity, and availability of data held on the server. Such unauthorized data access and exfiltration could constitute a breach under data protection regulations like GDPR and HIPAA, which mandate strict controls over personal and sensitive information. The vulnerability therefore poses a risk to compliance with these standards by potentially exposing protected data. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection relies on inspecting SIP MESSAGE traffic for XML bodies that carry DTD or external entity markup: a "<!DOCTYPE" declaration containing "<!ENTITY ... SYSTEM" with a file:, ftp: or http(s): URI. A legitimate device message has no reason to declare a DTD, so any DOCTYPE in a SIP body is worth alerting on. Deploying network monitoring or an inline security device that flags or drops such SIP MESSAGE requests is recommended. No vendor-specific commands are provided; in practice, capture traffic on the SIP listener (5060 is the standard SIP port for both UDP and TCP; 5061 is SIP over TLS, which is TCP and encrypted, so content inspection there has to happen on the plaintext side) and look for unusual XML content, and watch for unexpected outbound HTTP or FTP connections from the SIP server, which are the out-of-band channel an XXE exfiltration uses. [2]
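The indicator check described above, written out as a small detector. This is an added example and not code from FastBee or from the advisory; the SIP request, its addresses and the XML element names are constructed sample input, and the assumption is only that the body is XML and that the SIP headers end with the CRLF CRLF separator RFC 3261 specifies.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class SipXxeDetector {

    // Constructed SIP MESSAGE request with an XML body carrying an external entity.
    // Sample traffic for the detector only; the addresses, headers and element
    // names are assumptions, not a capture from a FastBee deployment.
    static final String SUSPICIOUS_MESSAGE =
        "MESSAGE sip:server@192.0.2.1:5060 SIP/2.0\r\n"
      + "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
      + "From: <sip:device@192.0.2.10>;tag=1928301774\r\n"
      + "To: <sip:server@192.0.2.1>\r\n"
      + "Content-Type: application/xml\r\n"
      + "\r\n"
      + "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
      + "<!DOCTYPE Notify [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>\n"
      + "<Notify><CmdType>&xxe;</CmdType></Notify>";

    // Constructed benign message of the same shape, for comparison.
    static final String BENIGN_MESSAGE =
        "MESSAGE sip:server@192.0.2.1:5060 SIP/2.0\r\n"
      + "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhdt\r\n"
      + "Content-Type: application/xml\r\n"
      + "\r\n"
      + "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
      + "<Notify><CmdType>Keepalive</CmdType></Notify>";

    // Any DTD in a device message is abnormal; external or parameter entities
    // whose system identifier uses a file or network scheme are the direct XXE signs.
    private static final Pattern DOCTYPE =
        Pattern.compile("<!DOCTYPE", Pattern.CASE_INSENSITIVE);
    private static final Pattern EXTERNAL_ENTITY =
        Pattern.compile("<!ENTITY\\s+(%\\s*)?\\w+\\s+(SYSTEM|PUBLIC)", Pattern.CASE_INSENSITIVE);
    private static final Pattern EXTERNAL_SCHEME =
        Pattern.compile("[\"'](file|ftp|https?|jar|netdoc):", Pattern.CASE_INSENSITIVE);

    /** Returns the XXE indicators found in one SIP request, or an empty list. */
    static List<String> xxeIndicators(String sipMessage) {
        List<String> hits = new ArrayList<>();
        int headerEnd = sipMessage.indexOf("\r\n\r\n");   // RFC 3261: CRLF CRLF ends the headers
        if (headerEnd < 0) {
            return hits;                                  // no body, nothing to inspect
        }
        String startLine = sipMessage.substring(0, sipMessage.indexOf("\r\n"));
        if (!startLine.startsWith("MESSAGE ")) {
            return hits;                                  // scope to the MESSAGE traffic the advisory names
        }
        String body = sipMessage.substring(headerEnd + 4);
        if (DOCTYPE.matcher(body).find()) {
            hits.add("DOCTYPE declaration in SIP MESSAGE body");
        }
        if (EXTERNAL_ENTITY.matcher(body).find()) {
            hits.add("external (or parameter) entity declaration");
        }
        if (EXTERNAL_SCHEME.matcher(body).find()) {
            hits.add("entity system identifier uses a file or network scheme");
        }
        return hits;
    }

    public static void main(String[] args) {
        System.out.println("suspicious: " + xxeIndicators(SUSPICIOUS_MESSAGE));
        System.out.println("benign:     " + xxeIndicators(BENIGN_MESSAGE));
    }
}
```

The first indicator alone is enough to alert on in this protocol, since the device messages the handler expects never carry a DTD; the other two patterns exist to rank the hit, because a DOCTYPE with an external or parameter entity pointing at file: or a network scheme is an exploitation attempt rather than an oddly formatted client.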


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps:
1) Fix the parser used by the getRootElement method so that it refuses DTDs and external entities. On the dom4j SAXReader this means setting, before any read: reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false). The first feature alone rejects every document with a DOCTYPE; the other two are a fallback for parsers that do not support it.
2) Upgrade the JDK running FastBee to 7u141 or later, or 8u162 or later; according to the cited resource these releases stop the FTP-based external entity resolution used for out-of-band exfiltration. This is defence in depth only: it does not stop file: entity resolution or SSRF, so step 1 is still required.
3) Deploy security monitoring to detect and block SIP MESSAGE traffic whose XML body contains DOCTYPE or external entity declarations.
4) Restrict network access to the SIP listener (5060 is the standard SIP port; 5061 is the SIP-over-TLS port, so check which port the deployment actually binds) to trusted device networks only. [2]
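The parser fix from step 1 as a complete, runnable illustration. This is an added example, not FastBee's code: the method name getRootElement is borrowed from the advisory only to show where the hardened reader belongs, the XML payload is constructed, and the only assumption is the one the mitigation text itself makes, that the handler reads the body with a dom4j SAXReader.

```java
import java.io.StringReader;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.io.SAXReader;
import org.xml.sax.SAXException;

public class SipXmlHardening {

    // Constructed payload following the XXE pattern the advisory describes:
    // an internal DTD declares an entity backed by a local file. Test input only.
    static final String XXE_PAYLOAD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE Notify [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n"
      + "<Notify><CmdType>&xxe;</CmdType><SN>1</SN></Notify>";

    // Constructed benign body of the same shape.
    static final String BENIGN_PAYLOAD =
        "<?xml version=\"1.0\"?><Notify><CmdType>Keepalive</CmdType><SN>1</SN></Notify>";

    /**
     * Reader relying on whatever the underlying JAXP parser defaults to. Depending on
     * the dom4j and JDK versions this may resolve external entities; do not use it on
     * network input.
     */
    static SAXReader defaultReader() {
        return new SAXReader();
    }

    /** Reader configured the way the mitigation describes. */
    static SAXReader hardenedReader() throws SAXException {
        SAXReader reader = new SAXReader();
        // Reject any DOCTYPE, so no entity (internal, external or parameter) can be declared.
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Fallbacks for parsers that ignore the feature above.
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return reader;
    }

    /** Stand-in for the handler's root-element lookup: parse the body, return its root. */
    static Element getRootElement(SAXReader reader, String body) throws DocumentException {
        Document doc = reader.read(new StringReader(body));
        return doc.getRootElement();
    }

    public static void main(String[] args) throws Exception {
        SAXReader hardened = hardenedReader();

        // Ordinary device messages still parse.
        Element root = getRootElement(hardened, BENIGN_PAYLOAD);
        System.out.println("benign CmdType: " + root.elementText("CmdType"));

        // The XXE body is refused at the DOCTYPE, before any entity could be resolved.
        try {
            getRootElement(hardened, XXE_PAYLOAD);
            System.out.println("unexpected: XXE payload was accepted");
        } catch (DocumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Set the features on the reader once at construction and reuse it; setting them per request is easy to forget on a new code path, which is exactly how a handler like this ends up parsing untrusted XML with defaults.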

