CVE-2025-25035

Name of the Vulnerable Software and Affected Versions Jalios JPlatform versions prior to 10.0.8 Jalios Workplace versions 5.3 through 6.2

Description The issue is related to improper restriction of XML external entity references, allowing XML injection, and improper neutralization of input during web page generation, leading to cross-site scripting (XSS) vulnerabilities, including both reflected and stored XSS.

Recommendations For Jalios JPlatform versions prior to 10.0.8, update to version 10.0.8 or later. For Jalios Workplace versions 5.3 through 6.2, consider disabling any features that generate web pages based on user input until a patch is available.