CVE-2025-1225

6.3 MEDIUM
XXE

📋 TL;DR

This XXE vulnerability in ywoa's WXCallBack Interface allows attackers to read arbitrary files from the server by exploiting XML parsing. It affects all systems running ywoa up to version 2024.07.03. The vulnerability can be exploited remotely without authentication.

💻 Affected Systems

Products:
  • ywoa
Versions: up to 2024.07.03
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the WXCallBack Interface component specifically when processing XML data.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server file system disclosure including sensitive configuration files, credentials, and system files leading to full system compromise.

🟠

Likely Case

Unauthorized reading of application files, configuration data, and potentially sensitive user information stored on the server.

🟢

If Mitigated

Limited impact with proper XML parser hardening and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been publicly disclosed and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.07.04

Vendor Advisory: https://gitee.com/r1bbit/yimioa/issues/IBI81R

Restart Required: Yes

Instructions:

1. Download ywoa version 2024.07.04 or later.
2. Stop the ywoa service.
3. Replace the affected XMLParse.java file or upgrade the entire application.
4. Restart the ywoa service.

🔧 Temporary Workarounds

Disable XXE in XML Parser

Applies to: all

Configure the XML parser to disable external entity processing.

Set the XML parser features: FEATURE_SECURE_PROCESSING (javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING) = true and DISALLOW_DOCTYPE_DECL (the JAXP feature URI http://apache.org/xml/features/disallow-doctype-decl) = true.

Input Validation Filter

Applies to: all

Implement input filtering that rejects any XML body containing a DOCTYPE declaration.

Add a substring filter before parsing, for example: if (xml.contains("<!DOCTYPE")) { reject request }
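The two workarounds above combined in one place, written here as an added illustration rather than code taken from ywoa or from the advisory. It assumes a plain JAXP DocumentBuilderFactory (the parser bundled with the JDK); the feature URIs are the standard Xerces/JAXP ones, and the class, method names and the sample callback bodies are constructed for this example only.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import java.io.IOException;
import java.io.StringReader;

// Hypothetical hardened replacement for the parsing step of a WeChat-style callback handler.
public class HardenedXmlParse {

    // Build a DocumentBuilder with DTD and external entity processing switched off.
    // setFeature throws ParserConfigurationException if the parser does not support a feature,
    // which is the safe failure mode: better to refuse to start than to parse insecurely.
    static DocumentBuilder newHardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // DISALLOW_DOCTYPE_DECL: refuse any DOCTYPE, so no entity declarations at all.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth should a parser implementation ignore the feature above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        // FEATURE_SECURE_PROCESSING: entity expansion limits and related protections.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // The advisory's pre-parse filter. It only matches a literal, correctly cased "<!DOCTYPE"
    // in the already-decoded string, so it is a cheap extra layer, not a replacement for the
    // parser features above.
    static boolean containsDoctype(String xml) {
        return xml.contains("<!DOCTYPE");
    }

    // Parse a callback body; returns null when the body is rejected for any reason.
    static Document parseCallback(String xml) {
        if (containsDoctype(xml)) {
            return null;
        }
        try {
            return newHardenedBuilder().parse(new InputSource(new StringReader(xml)));
        } catch (ParserConfigurationException | SAXException | IOException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample bodies; element names are illustrative, not ywoa's real schema.
        String benign = "<xml><ToUserName>corp</ToUserName><MsgType>text</MsgType></xml>";
        // Internal (non-external) entity only: enough to show that any DOCTYPE is refused.
        String withDoctype = "<?xml version=\"1.0\"?><!DOCTYPE x [<!ENTITY e \"test\">]><xml>&e;</xml>";
        System.out.println("benign body accepted: " + (parseCallback(benign) != null));
        System.out.println("DOCTYPE body accepted: " + (parseCallback(withDoctype) != null));
    }
}
```

Even with the substring filter removed, the second body is still rejected, because the parser itself raises a SAXParseException on the DOCTYPE; that is the property to verify after deploying the workaround, since the string check alone can be sidestepped by a body that the transport decodes differently from the filter.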

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to WXCallBack Interface
  • Deploy WAF with XXE protection rules to block malicious XML payloads

🔍 How to Verify

Check if Vulnerable:

Check the ywoa version: if it is 2024.07.03 or earlier, the system is vulnerable. Confirm by sending a test XXE payload to the XMLParse endpoint.

Check Version:

Check application version in ywoa admin interface or configuration files

Verify Fix Applied:

Verify the version is 2024.07.04 or later. A test XXE payload should be rejected or return an error.

📡 Detection & Monitoring

Log Indicators:

  • XML parsing errors
  • File system access attempts from XML parser
  • Large XML payloads with DOCTYPE declarations

Network Indicators:

  • HTTP requests to WXCallBack endpoint with XML containing DOCTYPE or external entity references

SIEM Query:

source="ywoa" AND (message="*DOCTYPE*" OR message="*XXE*" OR message="*external entity*")
