CVE-2025-7523

7.3 HIGH
XXE

📋 TL;DR

This vulnerability in Jinher OA 1.0 allows attackers to perform XML External Entity (XXE) attacks through the /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx endpoint. This can lead to unauthorized data access, server-side request forgery, or denial of service. Organizations using Jinher OA 1.0 are affected.

💻 Affected Systems

Products:
  • Jinher OA
Versions: 1.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Specific configurations may affect exploitability, but default installations appear vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise including sensitive data exfiltration, internal network reconnaissance, and potential remote code execution via XXE.

🟠 Likely Case: Unauthorized access to sensitive files on the server, disclosure of internal system information, and potential denial of service.

🟢 If Mitigated: Limited impact with proper XML parser hardening, network segmentation, and input validation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available on GitHub demonstrates remote exploitation without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Disable XXE in XML parser

Platform: Windows

Configure the XML parser to disable external entity processing:
  • Set the XmlResolver property to null in .NET XML parsers
  • Disable DTD processing in the XML configuration
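The following is an added example of the .NET parser hardening described in this workaround; it is not Jinher OA code and the request body it parses is constructed, with a placeholder path in the entity declaration. It shows the legacy pattern (an XmlDocument with an external resolver, which older .NET Framework versions used by default) beside the hardened form, where DtdProcessing.Prohibit and a null XmlResolver make the parser raise XmlException on any DOCTYPE before an external entity can be fetched:

```csharp
using System;
using System.IO;
using System.Xml;

// Added example, not code from Jinher OA. The XML below is constructed and the
// entity points at a placeholder path, not a real file.
public static class XxeHardening
{
    // Constructed request body carrying an external entity declaration, the
    // kind of content the advisory's "<!ENTITY" log indicator is meant to catch.
    const string UntrustedXml =
        "<?xml version=\"1.0\"?>" +
        "<!DOCTYPE msg [<!ENTITY ext SYSTEM \"file:///PLACEHOLDER/path\">]>" +
        "<msg>&ext;</msg>";

    // BEFORE: legacy pattern. An XmlDocument with an XmlUrlResolver follows the
    // DOCTYPE and fetches the external entity. Older .NET Framework versions did
    // this by default; the resolver is set explicitly here so the difference is visible.
    public static XmlDocument ParseUnsafe(string xml)
    {
        var doc = new XmlDocument();
        doc.XmlResolver = new XmlUrlResolver(); // this is what makes the parse unsafe
        doc.LoadXml(xml);
        return doc;
    }

    // AFTER: DTD processing prohibited and no resolver. A DOCTYPE now raises
    // XmlException before any entity is resolved.
    public static XmlDocument ParseHardened(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null,
        };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
        {
            var doc = new XmlDocument { XmlResolver = null };
            doc.Load(reader);
            return doc;
        }
    }

    // True when the hardened parser refuses the input (the expected result for
    // anything that carries a DOCTYPE).
    public static bool RejectsExternalEntities(string xml)
    {
        try
        {
            ParseHardened(xml);
            return false;
        }
        catch (XmlException)
        {
            return true;
        }
    }

    public static void Main()
    {
        // Expected: True (DOCTYPE refused) and True (plain document still parses).
        Console.WriteLine("Hardened parser rejects DOCTYPE: " + RejectsExternalEntities(UntrustedXml));
        Console.WriteLine("Benign document accepted: " + !RejectsExternalEntities("<msg>hello</msg>"));
    }
}
```

RejectsExternalEntities doubles as the "Verify Fix Applied" check: run it against the application's own parser path and a benign document to confirm that DOCTYPE input is refused while normal requests still parse.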

Block vulnerable endpoint

Platform: Windows

Restrict access to /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx:
  • Add a URL rewrite rule in IIS to block the path
  • Configure firewall rules to block requests to this endpoint

🧯 If You Can't Patch

  • Implement network segmentation to isolate Jinher OA systems
  • Deploy web application firewall with XXE protection rules

🔍 How to Verify

Check if Vulnerable:

Test the /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx endpoint with XXE payloads from the public PoC

Check Version:

Check Jinher OA version in application interface or configuration files

Verify Fix Applied:

Verify XML parser configuration disables external entities and test endpoint with XXE payloads

📡 Detection & Monitoring

Log Indicators:

  • Unusual XML payloads in web server logs
  • Requests to DelTemp.aspx with XML content
  • Error logs showing XML parsing failures

Network Indicators:

  • HTTP requests containing XML external entity declarations
  • Outbound connections from server to unexpected external systems

SIEM Query:

source="web_server" AND (uri="*DelTemp.aspx" OR body="*<!ENTITY*")
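As an added example (not part of the advisory and not Jinher OA or IIS code), the log and network indicators above applied to sample log lines. The tab-separated "timestamp, method, uri, status, body" format is constructed for this example, as a reverse proxy or WAF that records request bodies might emit; standard IIS W3C logs do not record bodies, so on those only the URI clause of the SIEM query can match and the body checks here need a body-logging source:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Added example. Log format and sample lines are constructed; the entity
// targets are placeholders.
public static class XxeDetection
{
    public enum Severity { None, Low, Medium, High }

    // An ENTITY declaration with a SYSTEM or PUBLIC identifier, i.e. one that
    // references an external resource (the network indicator in the advisory).
    static readonly Regex ExternalEntity = new Regex(
        @"<!ENTITY\s+\S+\s+(SYSTEM|PUBLIC)\s", RegexOptions.IgnoreCase);

    // Classifies one log line. Fields: timestamp, method, uri, status, body.
    public static Severity Classify(string line)
    {
        var parts = line.Split('\t');
        if (parts.Length < 5) return Severity.None; // malformed line: skip, do not alert
        string uri = parts[2], body = parts[4];

        bool vulnerableEndpoint = uri.EndsWith("/DelTemp.aspx", StringComparison.OrdinalIgnoreCase);
        bool xmlBody = body.TrimStart().StartsWith("<");
        bool externalEntity = ExternalEntity.IsMatch(body);
        bool anyEntityDecl = body.IndexOf("<!ENTITY", StringComparison.OrdinalIgnoreCase) >= 0;

        if (vulnerableEndpoint && externalEntity) return Severity.High;       // both indicators
        if (externalEntity || (vulnerableEndpoint && anyEntityDecl)) return Severity.Medium;
        if (vulnerableEndpoint && xmlBody) return Severity.Low;               // XML to the endpoint: review
        return Severity.None;
    }

    public static IEnumerable<(Severity Severity, string Line)> Scan(IEnumerable<string> lines) =>
        lines.Select(l => (Classify(l), l)).Where(t => t.Item1 != Severity.None);

    // Constructed sample lines (tab-separated). Expected: High, Low, Medium, and
    // the last line is not reported.
    static readonly string[] SampleLog =
    {
        "2025-07-12T10:00:01Z\tPOST\t/c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx\t200\t<?xml version=\"1.0\"?><!DOCTYPE a [<!ENTITY x SYSTEM \"file:///PLACEHOLDER\">]><a>&x;</a>",
        "2025-07-12T10:00:02Z\tPOST\t/c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx\t200\t<req><id>42</id></req>",
        "2025-07-12T10:00:03Z\tPOST\t/c6/other.aspx\t500\t<!DOCTYPE a [<!ENTITY y PUBLIC \"-//X//Y\" \"http://PLACEHOLDER/\">]><a/>",
        "2025-07-12T10:00:04Z\tGET\t/c6/login.aspx\t200\t",
    };

    public static void Main()
    {
        foreach (var (severity, line) in Scan(SampleLog))
            Console.WriteLine($"{severity,-6} {line.Split('\t')[2]}");
    }
}
```

The three tiers mirror the advisory's indicators: an external entity declaration aimed at DelTemp.aspx is the strongest signal, an external entity anywhere (or any entity declaration sent to the endpoint) warrants investigation, and plain XML to the endpoint is worth reviewing but is also what legitimate clients send. Pair the High tier with the outbound-connection indicator from the server to confirm whether an entity was actually resolved.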
