CVE-2025-25589

High CVSS: 8.1

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file.

Vendor

Product

CWE

CWE-91

Yayın Tarihi

2025-03-18 16:15:27

Güncelleme

2025-03-21 14:15:16

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-91 HIGH 2025

Referanslar

https://gitee.com/r1bbit/yimioa/issues/IBI81R