CNNVD-202511-1774 Information

CNNVD ID

CNNVD-202511-1774

CVE-2025-13209

  • CNNVD Published: 2025-11-15

Description (Chinese)

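bestfeng oa_git_free (行云流程引擎) is an enterprise process automation platform from the Chinese company 云网OA (bestfeng). oa_git_free 9.5 and earlier versions contain a code issue vulnerability. It stems from improper handling of the parameter writeProp in the file yimioa-oa9.5serverc-flowsrcmainjavacomcloudweboacontrollerWorkflowPredefineController.java, which may lead to an XML external entity reference.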

Description (English)

Bestfeng oa_git_free (Logflow Engine) is an enterprise process automation platform from China Cloudnet OA (bestfeng). oa_git_free 9.5 and earlier versions contain a code issue vulnerability that stems from improper handling of the parameter writeProp in the file yimioa-oa9.5serverc-flowsrcmainjavacomcloudweboacontrollerWorkflowPredefineController.java, which may lead to XML external entity (XXE) references.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

云网OA

Published

2025-11-15

Last Modified

2026-02-24

References

  • https://vuldb.com/?submit.685626
  • https://vuldb.com/?id.332528
  • https://github.com/bkglfpp/CVE-md/blob/main/%E4%BA%91%E7%BD%91%E5%8D%8F%E5%90%8C%E5%8A%9E%E5%85%AC%E7%B3%BB%E7%BB%9F/XXE.md
  • https://vuldb.com/?ctiid.332528
  • https://access.redhat.com/security/cve/cve-2025-13209
