CVE-2025-15251 | THREATINT

Description

A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: "Okay, we'll handle it as soon as possible."

PUBLISHED Reserved 2025-12-29 | Published 2025-12-30 | Updated 2025-12-30 | Assigner VulDB

MEDIUM: 6.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

MEDIUM: 5.6CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

MEDIUM: 5.6CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

5.1AV:N/AC:H/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

Problem types

XML External Entity Reference

Externally Controlled Reference

Product status

2.0

affected

2.1

affected

Timeline

2025-12-29:	Advisory disclosed
2025-12-29:	VulDB entry created
2025-12-29:	VulDB entry last update

Credits

VulDB Gitee Analyzer tool

References

vuldb.com/?id.338641 (VDB-338641 | beecue FastBee SIP Message ReqAbstractHandler.java getRootElement xml external entity reference) vdb-entry technical-description

vuldb.com/?ctiid.338641 (VDB-338641 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

gitee.com/beecue/fastbee/issues/ID7HNZ issue-tracking

cve.org (CVE-2025-15251)

nvd.nist.gov (CVE-2025-15251)

Download JSON