Home

Description

EN DE

A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The manipulation leads to improper neutralization of special elements used in a template engine. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor explains, that in the fixed release "Freemarker is set to 'ALLOWS_NOTHING_RESOLVER' to not parse any classes."

Eine kritische Schwachstelle wurde in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0 ausgemacht. Dies betrifft die Funktion plugin.buildMobilePopHtml der Datei \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class der Komponente Freemarker Engine. Dank der Manipulation mit unbekannten Daten kann eine improper neutralization of special elements used in a template engine-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

PUBLISHED Reserved 2025-06-27 | Published 2025-06-27 | Updated 2025-06-27 | Assigner VulDB




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
HIGH: 7.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
7.5AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Problem types

Improper Neutralization of Special Elements Used in a Template Engine

Incomplete Filtering of Special Elements

Product status

6.x
affected

7.x
affected

8.x
affected

9.0
affected

Timeline

2025-06-27:Advisory disclosed
2025-06-27:VulDB entry created
2025-06-27:VulDB entry last update

Credits

caichaoxiong (VulDB User) reporter

References

vuldb.com/?id.314072 (VDB-314072 | Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine) vdb-entry technical-description

vuldb.com/?ctiid.314072 (VDB-314072 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.601207 (Submit #601207 | Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Remote Arbitrary Code Execution Vulnerability ( RCE )) third-party-advisory

vip.kingdee.com/link/s/ZlWX7 related

vip.kingdee.com/school/detail/713028702245944320 patch

cve.org (CVE-2025-6761)

nvd.nist.gov (CVE-2025-6761)

Download JSON