CVE-2025-25036 | THREATINT

Description

Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.This issue affects all versions of JPlatform 10 before 10.0.8 (SP8).

PUBLISHED Reserved 2025-01-31 | Published 2025-03-21 | Updated 2025-11-19 | Assigner VulnCheck

MEDIUM: 6.8CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-611 Improper Restriction of XML External Entity Reference

Product status

Default status

affected

Any version before 10.0.8

affected

Credits

Arthur Deloffre (Vozec) finder

Tristan Bizien (Bizi) finder

References

community.jalios.com/..._893720/en/security-alert-2025-02-19

issues.jalios.com/browse/JCMS-11250

vulncheck.com/advisories/jalios-jplatform-xxe

cve.org (CVE-2025-25036)

nvd.nist.gov (CVE-2025-25036)

Download JSON