How severe is CVE-2025-3241?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2025-3241?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2025-3241 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2025-1225

MEDIUM

CVSS:6.3(Medium)

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse....

CWE-6102025

CVE-2025-2365

MEDIUM

CVSS:6.3(Medium)

A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulatio...

CWE-6102025

CVE-2017-18357

MEDIUM

CVSS:6.5(Medium)

Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via...

CWE-6102017

CVE-2020-21363

MEDIUM

CVSS:6.5(Medium)

An arbitrary file deletion vulnerability exists within Maccms10.

CWE-6102020

CVE-2021-26920

MEDIUM

CVSS:6.5(Medium)

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intend...

CWE-6102021

CVE-2021-3779

MEDIUM

CVSS:6.5(Medium)

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 a...

CWE-6102021