CVE-2025-7824
CRITICAL WAF: High
CVSS 9.8
Published: 2025-07-19
CWE-611 CWE-611
A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| jinher | jinher_oa | 1.1 |
References
- github.com (Exploit, Issue Tracking, Third Party Advisory)
- vuldb.com (Permissions Required, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)