How severe is CVE-2025-1225?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2025-1225?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2025-1225 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2024.07.04 is able to address this issue. It is recommended to upgrade the affected component.

Related Vulnerabilities

CVE-2025-2365

MEDIUM

CVSS:6.3(Medium)

A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulatio...

CWE-6102025

CVE-2025-3241

MEDIUM

CVSS:6.3(Medium)

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcent...

CWE-6102025

CVE-2017-18357

MEDIUM

CVSS:6.5(Medium)

Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via...

CWE-6102017

CVE-2020-21363

MEDIUM

CVSS:6.5(Medium)

An arbitrary file deletion vulnerability exists within Maccms10.

CWE-6102020

CVE-2021-26920

MEDIUM

CVSS:6.5(Medium)

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intend...

CWE-6102021

CVE-2021-3779

MEDIUM

CVSS:6.5(Medium)

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 a...

CWE-6102021