CVE-2025-2365 MEDIUM

CVE-2025-2365: crmeb_java WeChatMessageController.java webHook xml external entity reference

Vendor N/A

Product crmeb_java

Weakness CWE-611 · XXE

Published March 17, 2025

Last update March 17, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

Disclosure timeline

March 17, 2025 CVE published

March 17, 2025 Record updated

Identifiers

CVE CVE-2025-2365

CWE CWE-611

CVSS 5.3 / MEDIUM

Affected versions

Vendor N/A

Product crmeb_java

Affected 1.3.0

Vendor N/A

Product crmeb_java

Affected 1.3.1

Vendor N/A

Product crmeb_java

Affected 1.3.2

Vendor N/A

Product crmeb_java

Affected 1.3.3

Vendor N/A

Product crmeb_java

Affected 1.3.4