CVE-2025-15251 MEDIUM

CVE-2025-15251: beecue FastBee SIP Message ReqAbstractHandler.java getRootElement xml external entity reference

Vendor Beecue

Product FastBee

Weakness CWE-611 · XXE

Published December 30, 2025

Last update December 30, 2025

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

Description

A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: "Okay, we'll handle it as soon as possible."

Key dates

Disclosure timeline

December 30, 2025 CVE published

December 30, 2025 Record updated

Identifiers

CVE CVE-2025-15251

CWE CWE-611

CVSS 6.3 / MEDIUM

Affected versions

Vendor Beecue

Product FastBee

Affected 2.0

Vendor Beecue

Product FastBee

Affected 2.1