CVE-2025-11140 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.R…
Medium CVSS: 6.9

CVE-2025-11140

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Vendor
Zhiyou-group
Product
Zhiyou Erp
CWE
CWE-610
Yayın Tarihi
2025-09-29 04:15:40
Güncelleme
2025-10-03 18:18:23
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-610 Zhiyou Erp MEDIUM Zhiyou-group 2025

Referanslar

https://github.com/FightingLzn9/vul/blob/main/%E6%97%B6%E7%A9%BA%E6%99%BA%E5%8F%8Berp-3.md https://vuldb.com/?ctiid.326217 https://vuldb.com/?id.326217 https://vuldb.com/?submit.658090