CNNVD-202511-2991 Information
CNNVD ID
CNNVD-202511-2991
Related CVE
- CNNVD Published: 2025-11-28
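Description (translated from Chinese)
kivitendo-erp is an open-source enterprise resource planning system from kivitendo. Versions of kivitendo-erp before 3.9.2 contain a code issue vulnerability, which arises because uploading an electronic invoice in ZUGFeRD format can lead to an XXE injection attack.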
Description (English)
kivitendo-erp is an open-source enterprise resource planning system developed by kivitendo. Versions of kivitendo-erp prior to 3.9.2 have a code issue vulnerability: uploading an electronic invoice in ZUGFeRD format may lead to an XXE injection attack.
Hazard Level
High
Vulnerability Type
Code issue
Affected Vendor
kivitendo
Published
2025-11-28
Last Modified
2026-02-24
References
https://blog.kivitendo.de/?p=1415
https://github.com/kivitendo/kivitendo-erp/blob/fd3f993fc731cbcaa5eb87d55df7c82df4df9c09/doc/changelog
https://github.com/kivitendo/kivitendo-erp/commit/1286dee72f9919166178d0cdb5f52f13b0f7d4de
https://github.com/kivitendo/kivitendo-erp/commit/f6ba56bd8d22a428534057589baace6b7bfdf2e9
https://access.redhat.com/security/cve/cve-2025-66370
Patch
https://github.com/kivitendo/kivitendo-erp/tags