We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-6761

Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine



Description

EN DE

A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The manipulation leads to improper neutralization of special elements used in a template engine. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor explains, that in the fixed release "Freemarker is set to 'ALLOWS_NOTHING_RESOLVER' to not parse any classes."

Eine kritische Schwachstelle wurde in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0 ausgemacht. Dies betrifft die Funktion plugin.buildMobilePopHtml der Datei \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class der Komponente Freemarker Engine. Dank der Manipulation mit unbekannten Daten kann eine improper neutralization of special elements used in a template engine-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

Reserved 2025-06-27 | Published 2025-06-27 | Updated 2025-06-27 | Assigner VulDB


MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
HIGH: 7.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
7.5AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Problem types

Improper Neutralization of Special Elements Used in a Template Engine

Incomplete Filtering of Special Elements

Product status

6.x
affected

7.x
affected

8.x
affected

9.0
affected

Timeline

2025-06-27:Advisory disclosed
2025-06-27:VulDB entry created
2025-06-27:VulDB entry last update

Credits

caichaoxiong (VulDB User) reporter

References

vuldb.com/?id.314072 (VDB-314072 | Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine) vdb-entry technical-description

vuldb.com/?ctiid.314072 (VDB-314072 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.601207 (Submit #601207 | Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Remote Arbitrary Code Execution Vulnerability ( RCE )) third-party-advisory

vip.kingdee.com/link/s/ZlWX7 related

vip.kingdee.com/school/detail/713028702245944320 patch

cve.org (CVE-2025-6761)

nvd.nist.gov (CVE-2025-6761)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-6761

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.