CVE-2025-5877

Name of the Vulnerable Software and Affected Versions Fengoffice Feng Office version 3.2.2.1

Description A problematic issue has been found in the Document Upload Handler component, specifically affecting some unknown functionality of the file /application/models/ApplicationDataObject.class.php. This issue leads to xml external entity reference and can be exploited remotely. The exploit has been publicly disclosed.

Recommendations For Fengoffice Feng Office version 3.2.2.1, as a temporary workaround, consider restricting access to the Document Upload Handler component until a patch is available. Avoid using the affected functionality of the file /application/models/ApplicationDataObject.class.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.