CVE-2025-15251
Published on December 30, 2025
beecue FastBee SIP Message ReqAbstractHandler.java getRootElement xml external entity reference
A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: "Okay, we'll handle it as soon as possible."
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is a XXE Vulnerability?
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2025-15251 has been classified to as a XXE vulnerability or weakness.
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Affected Versions
beecue FastBee:- Version 2.0 is affected.
- Version 2.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.