CVE-2025-7823 – This vulnerability in Jinher OA 1.2 allows remo... (How to Fix)

Q: What is the severity of CVE-2025-7823?

CVE-2025-7823 has a CVSS score of 7.3 (HIGH). This vulnerability in Jinher OA 1.2 allows remote attackers to perform XML External Entity (XXE) attacks via the ProjectScheduleDelete.aspx file. This could enable attackers to read sensitive files, conduct server-side request forgery, or cause denial of service. Organizations using Jinher OA 1.2 are affected.

📋 TL;DR

This vulnerability in Jinher OA 1.2 allows remote attackers to perform XML External Entity (XXE) attacks via the ProjectScheduleDelete.aspx file. This could enable attackers to read sensitive files, conduct server-side request forgery, or cause denial of service. Organizations using Jinher OA 1.2 are affected.

💻 Affected Systems

Products:

Jinher OA

Versions: 1.2

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific ProjectScheduleDelete.aspx file. Requires the application to process XML input.

📦 What is this software?

Jinher Oa by Jinher

View all CVEs affecting Jinher Oa →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through file disclosure, internal network reconnaissance, or denial of service via entity expansion attacks.

🟠

Likely Case

Unauthorized access to sensitive files on the server, potentially including configuration files with credentials.

🟢

If Mitigated

Limited impact with proper network segmentation, file system permissions, and XML parser hardening.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available. Attack requires sending specially crafted XML to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Disable XXE Processing

windows

Configure XML parser to disable external entity resolution

Modify web.config or application settings to set XmlResolver to null
Set DTD processing to Prohibit or Ignore

Input Validation

all

Implement strict input validation to reject XML with external entities

Add input validation filters for XML content
Use allowlists for acceptable XML structures

🧯 If You Can't Patch

Implement WAF rules to block XXE payloads at the network perimeter
Restrict network access to the vulnerable endpoint using firewall rules

🔍 How to Verify

Check if Vulnerable:

Test by sending XML with external entity references to ProjectScheduleDelete.aspx endpoint

Check Version:

Check application version in web interface or configuration files

Verify Fix Applied:

Verify XML parser configuration disables external entity resolution

📡 Detection & Monitoring

Log Indicators:

Unusual XML parsing errors
Requests to ProjectScheduleDelete.aspx with XML content
File access attempts from web process

Network Indicators:

HTTP POST requests to ProjectScheduleDelete.aspx containing XML with DOCTYPE declarations
Outbound connections from web server to internal systems

SIEM Query:

source="web_server" AND (uri="*ProjectScheduleDelete.aspx*" AND content="*DOCTYPE*" OR "*ENTITY*")

📊 Metadata

CVE ID: CVE-2025-7823

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-610

EPSS Score: 0.04% exploit probability (10.4th percentile)

Published: July 19, 2025

Last Updated: August 26, 2025

🔗 References

https://github.com/cc2024k/CVE/issues/3 Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.316924 Permissions Required,VDB Entry
https://vuldb.com/?id.316924 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.616841 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7823, you might also want to check these: