CVE-2025-13249

6.3 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to upload arbitrary files to Jiusi OA systems via the OfficeServer interface. Attackers can exploit this to potentially execute malicious code or compromise the system. Organizations using Jiusi OA up to version 20251102 are affected.

💻 Affected Systems

Products:

• Jiusi OA

Versions: Up to and including 20251102

Operating Systems: Any OS running Jiusi OA

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the OfficeServer interface component specifically.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

1. Review the CVE details at NVD
2. Check vendor security advisories for your specific version
3. Test if the vulnerability is exploitable in your environment
4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Unauthorized file upload allowing attackers to deploy web shells, deface websites, or exfiltrate sensitive data.

🟢

If Mitigated

Limited impact with proper file upload restrictions and web application firewalls in place.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates.

🔧 Temporary Workarounds

Restrict OfficeServer Interface Access

linux

Block access to the vulnerable endpoint using network controls

Copy

iptables -A INPUT -p tcp --dport [OA_PORT] -m string --string "OfficeServer" --algo bm -j DROP

Implement WAF Rules

all

Configure web application firewall to block malicious uploads to the vulnerable endpoint

🧯 If You Can't Patch

• Isolate the Jiusi OA system from the internet and restrict internal access
• Implement strict file upload validation and monitoring for the OfficeServer interface

🔍 How to Verify

Check if Vulnerable:

Copy

Check if Jiusi OA version is 20251102 or earlier and test file upload to /OfficeServer endpoint

Check Version:

Copy

Check Jiusi OA admin panel or configuration files for version information

Verify Fix Applied:

Copy

Test if file upload restrictions are properly enforced on the OfficeServer interface

📡 Detection & Monitoring

Log Indicators:

• Unusual file uploads to /OfficeServer endpoint
• Multiple failed upload attempts
• Large file uploads to OfficeServer

Network Indicators:

• HTTP POST requests to /OfficeServer with FileData parameter
• Unusual outbound connections from OA server

SIEM Query:

Copy

source="jiusi-oa-logs" AND uri="/OfficeServer" AND method="POST" AND FileData=*

📊 Metadata

CVE ID: CVE-2025-13249

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-284

EPSS Score: 0.05% exploit probability (15.5th percentile)

Published: November 16, 2025

Last Updated: November 18, 2025

🔗 References

• https://github.com/rooboot501/my-project/blob/main/jiousi.md
• https://vuldb.com/?ctiid.332583
• https://vuldb.com/?id.332583
• https://vuldb.com/?submit.687599

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-13249, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)

CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)

CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)