CVE-2025-25589 Information

Description

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file.

Reference

https://gitee.com/r1bbit/yimioa/issues/IBI81R