CNNVD-202511-3026 Information

CNNVD ID

CNNVD-202511-3026

Related CVE

CVE-2025-66372

• CNNVD Published: 2025-11-28

Description (Chinese)

Mustangproject是ZUGFeRD Community开源的一个发票库、验证器和工具软件。 Mustangproject 2.16.3之前版本存在代码问题漏洞，该漏洞源于允许通过XXE攻击窃取文件。

Description (English)

Mustangproject is an invoice bank, certifier and tool software for ZUGFED Community. There was a code problem gap in the previous version of Mustangproject 2.16.3, which stemmed from allowing the theft of documents through the XXE attack.

Hazard Level

Critical

Vulnerability Type

代码问题

Affected Vendor

ZUGFeRD Community

Published

2025-11-28

Last Modified

2026-02-24

References

https://github.com/ZUGFeRD/mustangproject/releases/tag/core-2.16.3 https://github.com/ZUGFeRD/mustangproject/pull/725 https://github.com/ZUGFeRD/mustangproject/issues/685 https://access.redhat.com/security/cve/cve-2025-66372

Patch

https://github.com/ZUGFeRD/mustangproject/releases