CVE-2025-2365

MEDIUM Year: 2025
CVSS v3 Score
6.3
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-610
View all →

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2025-1225

MEDIUM
CVSS:6.3(Medium)

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse....

CWE-6102025

CVE-2025-3241

MEDIUM
CVSS:6.3(Medium)

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcent...

CWE-6102025

CVE-2017-18357

MEDIUM
CVSS:6.5(Medium)

Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via...

CWE-6102017

CVE-2020-21363

MEDIUM
CVSS:6.5(Medium)

An arbitrary file deletion vulnerability exists within Maccms10.

CWE-6102020

CVE-2021-26920

MEDIUM
CVSS:6.5(Medium)

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intend...

CWE-6102021

CVE-2021-3779

MEDIUM
CVSS:6.5(Medium)

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 a...

CWE-6102021