PT-2025-6861 · Ywoa · Ywoa

Rabbit · Published 2025-02-12 · Updated 2025-06-05 · CVE-2025-1225

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: ywoa versions 2024.07.03 and earlier

Description: An issue classified as problematic has been found in the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java, part of the WXCallBack Interface component. Manipulating the input leads to an XML external entity (XXE) reference. The attack may be initiated remotely.

Recommendations: For ywoa versions 2024.07.03 and earlier, upgrade to version 2024.07.04 to address this issue. As a temporary workaround, consider disabling the extract function of the WXCallBack Interface component until the update is applied. Restrict access to the XMLParse.java file to minimize the risk of exploitation.

Exploit · Fix · XXE

Weakness Enumeration

Related Identifiers: CVE-2025-1225

Affected Products: Ywoa