CVE-2023-28152 in JWord
Summary
by MITRE • 03/24/2023
An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 12/02/2025
The vulnerability identified as CVE-2023-28152 represents a critical XML external entity injection flaw within the Independentsoft JWord library prior to version 1.1.110. This issue specifically affects applications that process Microsoft Word DOCX files through the JWord API, creating a significant security risk for systems that handle untrusted document inputs. The vulnerability stems from insufficient input validation and improper XML parsing mechanisms that fail to adequately restrict external entity resolution during document processing operations.
The technical flaw manifests when the JWord library processes DOCX files that contain maliciously crafted XML content referencing remote DTDs or external entities. This XXE vulnerability allows attackers to inject malicious XML entities that can trigger various harmful behaviors including data exfiltration, server-side request forgery attacks, and potential denial of service conditions. The vulnerability is particularly dangerous because DOCX files are commonly used in business environments and may be processed automatically by applications without proper security screening, making the attack surface broader than initially apparent.
The operational impact of this vulnerability extends beyond simple data theft, as it can enable attackers to perform reconnaissance activities against internal networks by leveraging the processing of DOCX files through applications that utilize the vulnerable JWord library. When applications automatically process user-uploaded documents or documents from untrusted sources, the XXE injection can be exploited to access internal resources, bypass network security controls, and potentially escalate privileges within the application environment. This creates a vector for attackers to move laterally within networks where such document processing occurs, particularly in environments where automated document handling is common.
Organizations utilizing the Independentsoft JWord library should prioritize immediate remediation by upgrading to version 1.1.110 or later, which includes proper XML entity validation and restriction mechanisms. Additional mitigations should include implementing strict input validation for all document processing operations, disabling external entity resolution in XML parsers, and employing network segmentation to limit potential damage from successful XXE exploitation attempts. Security controls should also incorporate monitoring for unusual document processing patterns and network requests that may indicate XXE attack activity. This vulnerability aligns with CWE-611 (Improper Restriction of XML External Entity Reference) and represents a significant concern under ATT&CK technique T1059.007 (Command and Scripting Interpreter: PowerShell) when combined with other attack vectors that leverage document processing capabilities.