crmeb_java 1.3.4 XXE via WeChatMessageController.webHook (Remote)
CVE-2025-2365 Published on March 17, 2025
crmeb_java WeChatMessageController.java webHook xml external entity reference
A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is a XXE Vulnerability?
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2025-2365 has been classified to as a XXE vulnerability or weakness.
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.