CVE-2025-10091 – This vulnerability in Jinher OA allows attacker... (How to Fix)

Q: What is the severity of CVE-2025-10091?

CVE-2025-10091 has a CVSS score of 7.3 (HIGH). This vulnerability in Jinher OA allows attackers to perform XML External Entity (XXE) attacks through the XML Handler component. Remote exploitation can lead to sensitive data disclosure, server-side request forgery, or denial of service. All systems running Jinher OA version 1.2 or earlier are affected.

📋 TL;DR

This vulnerability in Jinher OA allows attackers to perform XML External Entity (XXE) attacks through the XML Handler component. Remote exploitation can lead to sensitive data disclosure, server-side request forgery, or denial of service. All systems running Jinher OA version 1.2 or earlier are affected.

💻 Affected Systems

Products:

Jinher OA

Versions: Up to and including version 1.2

Operating Systems: Windows (likely), Linux (likely)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default XML handler configuration. Component is part of project management module.

📦 What is this software?

Jinher Oa by Jinher

View all CVEs affecting Jinher Oa →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through file read, SSRF to internal services, or denial of service via entity expansion attacks.

🟠

Likely Case

Sensitive file disclosure (configuration files, credentials) and internal network reconnaissance via SSRF.

🟢

If Mitigated

Limited impact with proper XML parser hardening and network segmentation.

🌐 Internet-Facing: HIGH - Remote exploitation is possible and public exploit exists.

🏢 Internal Only: MEDIUM - Internal attackers could still exploit, but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit disclosed on GitHub. Simple XXE payloads can be used. No authentication required to access vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates. Consider upgrading to newer version if available.

🔧 Temporary Workarounds

Disable XXE in XML Parser

all

Configure XML parser to disable external entity processing

Modify application configuration to set: XmlReaderSettings.DtdProcessing = DtdProcessing.Prohibit
Set XmlResolver = null in XML parser configuration

Web Application Firewall Rules

all

Block XXE patterns at WAF/IPS level

Add WAF rule to block requests containing: <!DOCTYPE, <!ENTITY, SYSTEM, PUBLIC

🧯 If You Can't Patch

Block access to /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx at network firewall or reverse proxy
Implement strict input validation and sanitization for XML input parameters

🔍 How to Verify

Check if Vulnerable:

Send XXE test payload to: http://target/c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add with XML containing external entity reference

Check Version:

Check application version in web interface or configuration files. Look for version 1.2 or earlier.

Verify Fix Applied:

Test with same XXE payload - should receive error or no data disclosure. Verify XML parser settings disable external entities.

📡 Detection & Monitoring

Log Indicators:

HTTP requests to /XmlHttp.aspx with XML content
XML parsing errors in application logs
Unusual file read attempts from web server process

Network Indicators:

HTTP POST/GET requests containing <!DOCTYPE or <!ENTITY strings
Outbound connections from web server to internal services (SSRF)

SIEM Query:

web.url:*XmlHttp.aspx* AND (http.request_body:*<!DOCTYPE* OR http.request_body:*<!ENTITY*)

📊 Metadata

CVE ID: CVE-2025-10091

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-610

EPSS Score: 0.02% exploit probability (5.2th percentile)

Published: September 8, 2025

Last Updated: October 9, 2025

🔗 References

https://github.com/Cstarplus/CVE/issues/2 Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.323046 Permissions Required,VDB Entry
https://vuldb.com/?id.323046 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.644864 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10091, you might also want to check these: