CVE-2025-10816

7.3 HIGH
XXE

📋 TL;DR

This is an XML External Entity (XXE) vulnerability in Jinher OA 2.0 that allows remote attackers to read arbitrary files from the server or potentially perform server-side request forgery. It affects organizations using Jinher OA 2.0 with the vulnerable XML handler component exposed. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • Jinher OA
Versions: 2.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the XML handler component at /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through file disclosure of sensitive data (passwords, configuration files) leading to lateral movement, data exfiltration, or further exploitation.

🟠

Likely Case

Unauthorized file system access allowing reading of sensitive files, potentially exposing credentials, configuration data, or internal information.

🟢

If Mitigated

Limited impact if proper network segmentation, WAF rules, and input validation are in place to block XXE payloads.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making this easily weaponizable. The vulnerability requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Contact Jinher vendor for updates. Consider workarounds or upgrading to a newer version if available.

🔧 Temporary Workarounds

Disable XXE Processing

all

Configure the XML parser to disable external entity processing

Modify the XML parser configuration to set the following features:
  • javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING = true
  • http://apache.org/xml/features/disallow-doctype-decl = true

WAF Rule Implementation

all

Block XXE payload patterns at the web application firewall

Add WAF rules to detect and block patterns containing: <!DOCTYPE, <!ENTITY, SYSTEM, PUBLIC, %xxe;, file:///, http:// internal references

🧯 If You Can't Patch

  • Block access to /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx at network perimeter
  • Implement strict input validation and sanitization for XML input parameters

🔍 How to Verify

Check if Vulnerable:

Test the endpoint with XXE payloads: curl -X GET 'http://target/c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add' --data '<?xml version="1.0"?><!DOCTYPE test [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><test>&xxe;</test>'

Check Version:

Check Jinher OA version in application interface or configuration files

Verify Fix Applied:

Retest with the same XXE payloads after implementing the workarounds; the endpoint should return an error or an empty response instead of file contents.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx with XML payloads
  • Log entries containing XXE-related strings: <!DOCTYPE, <!ENTITY, SYSTEM, file:///

Network Indicators:

  • HTTP traffic to vulnerable endpoint with XML content in parameters
  • Outbound connections from server following XXE exploitation

SIEM Query:

source="web_logs" AND (uri="/c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx" AND (content CONTAINS "<!DOCTYPE" OR content CONTAINS "<!ENTITY" OR content CONTAINS "SYSTEM"))
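Added example (not part of this advisory): a small Python scanner that applies the same two-part condition as the SIEM query above, endpoint path plus an XXE token, to web-log lines, URL-decoding the query and body first so percent-encoded payloads are not missed. The log-line format, the field names and the sample entries are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Endpoint named in the advisory. IIS paths are case-insensitive, so compare lowercased.
VULN_PATH = "/c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx".lower()

# XML DTD keywords are case-sensitive, so match them exactly after decoding.
XXE_TOKENS = {
    "doctype": re.compile(r"<!DOCTYPE"),
    "entity": re.compile(r"<!ENTITY"),
    "system": re.compile(r"\bSYSTEM\b"),
    "file_uri": re.compile(r"file:///"),
}

# Constructed (hypothetical) log line shape: ip method path[?query] body="..."
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>[^? ]+)'
    r'(?:\?(?P<query>\S*))? body="(?P<body>.*)"$'
)


def xxe_indicators(line: str) -> list:
    """Return the names of XXE tokens found in one log line.

    Only lines aimed at the vulnerable endpoint are scored, mirroring the
    two-part AND condition of the SIEM query.
    """
    m = LOG_RE.match(line)
    if not m or m.group("path").lower() != VULN_PATH:
        return []
    # Decode percent-encoding so "%3C%21DOCTYPE" is seen as "<!DOCTYPE".
    payload = unquote_plus(m.group("query") or "") + " " + unquote_plus(m.group("body") or "")
    return [name for name, rx in XXE_TOKENS.items() if rx.search(payload)]


def scan(lines):
    """Return (line, indicators) for every line carrying at least one indicator."""
    return [(l, hits) for l in lines if (hits := xxe_indicators(l))]


# Constructed sample log lines for demonstration; not real traffic.
SAMPLE_LOGS = [
    '10.0.0.5 GET /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx?text=GetUrl&style=add body=""',
    '10.0.0.9 POST /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx?text=GetUrl body="%3C%21DOCTYPE+t+%5B%3C%21ENTITY+x+SYSTEM+%22file%3A%2F%2F%2Fetc%2Fpasswd%22%3E%5D%3E%3Ct%3E%26x%3B%3C%2Ft%3E"',
    '10.0.0.7 POST /c6/other.aspx body="<!DOCTYPE a [<!ENTITY b SYSTEM \'file:///x\'>]>"',
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOGS):
        print(hits, line[:80])
```

Only the second sample line is flagged: the first hits the endpoint without XML, and the third carries a payload but targets a different path, so neither satisfies both halves of the condition.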
