Vulnerability Description
A weakness has been identified in bestfeng oa_git_free up to 9.5. It affects the function updateWriteBack in the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. Manipulating the argument writeProp causes an XML external entity (XXE) reference. The attack can be carried out remotely. The exploit has been made publicly available and could be used.
CVSS Score
MEDIUM
References
- https://github.com/bkglfpp/CVE-md/blob/main/%E4%BA%91%E7%BD%91%E5%8D%8F%E5%90%8C
- https://vuldb.com/?ctiid.332528
- https://vuldb.com/?id.332528
- https://vuldb.com/?submit.685626
FAQ
What is CVE-2025-13209?
CVE-2025-13209 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPred...
How severe is CVE-2025-13209?
CVE-2025-13209 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-13209?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.