PT-2025-11399 · Unknown · Crmeb Java

Jmx0Hxq

Publicado

2025-03-16

Atualizado

2025-03-17

CVE-2025-2365

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions crmeb java versions up to 1.3.4

Description A problematic issue has been found, affecting the webHook function of the WeChatMessageController.java file. This issue leads to xml external entity reference and can be exploited remotely.

Recommendations For crmeb java versions up to 1.3.4, consider disabling the webHook function of the WeChatMessageController.java file as a temporary workaround until a patch is available. Restrict access to the WeChatMessageController.java file to minimize the risk of exploitation. Avoid using the webHook function in the affected API endpoint until the issue is resolved.

Exploit

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611CWE-610

Identificadores relacionados

CVE-2025-2365

Produtos afetados

Crmeb Java

PT-2025-11399 · Unknown · Crmeb Java

CVE-2025-2365

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11