cvelist/2025/2xxx/CVE-2025-2365.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2025-2365",
        "ASSIGNER": "cna@vuldb.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
                "lang": "deu",
                "value": "Eine problematische Schwachstelle wurde in crmeb_java bis 1.3.4 entdeckt. Hierbei geht es um die Funktion webHook der Datei WeChatMessageController.java. Durch Manipulation mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "XML External Entity Reference",
                        "cweId": "CWE-611"
                    }
                ]
            },
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Externally Controlled Reference",
                        "cweId": "CWE-610"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "n/a",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "crmeb_java",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "1.3.0"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "1.3.1"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "1.3.2"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "1.3.3"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "1.3.4"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://vuldb.com/?id.299864",
                "refsource": "MISC",
                "name": "https://vuldb.com/?id.299864"
            },
            {
                "url": "https://vuldb.com/?ctiid.299864",
                "refsource": "MISC",
                "name": "https://vuldb.com/?ctiid.299864"
            },
            {
                "url": "https://vuldb.com/?submit.513285",
                "refsource": "MISC",
                "name": "https://vuldb.com/?submit.513285"
            },
            {
                "url": "https://github.com/jmx0hxq/Vulnerability-learning/blob/main/crmeb-java-xxe1.md",
                "refsource": "MISC",
                "name": "https://github.com/jmx0hxq/Vulnerability-learning/blob/main/crmeb-java-xxe1.md"
            }
        ]
    },
    "credits": [
        {
            "lang": "en",
            "value": "jmx0hxq (VulDB User)"
        }
    ],
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "baseScore": 6.3,
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "baseSeverity": "MEDIUM"
            },
            {
                "version": "3.0",
                "baseScore": 6.3,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "baseSeverity": "MEDIUM"
            },
            {
                "version": "2.0",
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
            }
        ]
    }
}