Security Advisory
CVE-2025-25589
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file.