Home

Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

PUBLISHED Reserved 2025-11-18 | Published 2025-12-03 | Updated 2025-12-05 | Assigner mitre

References

github.com/weng-xianhu/eyoucms/issues/66 exploit

github.com/weng-xianhu/eyoucms/issues/66

cve.org (CVE-2025-65868)

nvd.nist.gov (CVE-2025-65868)