CVE-2025-10092 in Jinherinfo

Summary

by MITRE • 09/08/2025

A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in XML external entity reference. The attack can be executed remotely. The exploit has been made public and could be used.

Analysis

by VulDB Data Team • 10/10/2025

This vulnerability exists in Jinher OA version 1.2 and affects the XML Handler component at /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add. The flaw is a classic XML external entity (XXE) reference vulnerability: attackers can manipulate XML processing directives in ways that can lead to unauthorized data access or system compromise. The attack vector is remote, so malicious actors can exploit it without physical access to the target system. A public exploit has been developed and distributed, which significantly increases the risk: it removes the need for sophisticated attack development and makes exploitation accessible to a broader range of threat actors.

The vulnerability stems from improper handling of XML input in the application's processing pipeline. When the affected component processes XML data, it fails to properly validate or sanitize external entity references embedded in the XML structure. This allows attackers to craft malicious XML payloads that can trigger the loading of external resources or execute arbitrary commands on the target system. The vulnerability aligns with CWE-611, which addresses improper restriction of XML external entity reference, and falls under the broader category of XML injection attacks that have been documented in numerous security assessments. Because the attack can be executed remotely, threat actors can use this vulnerability from any location with network access to the affected system.

The operational impact of this vulnerability extends beyond simple data theft or system compromise, as it can potentially enable full system takeover or unauthorized access to sensitive project management data within the Jinher OA environment. Attackers could exploit this weakness to access confidential project information, manipulate task assignments, or gain persistence within the organization's infrastructure. The vulnerability affects the core project management functionality of the application, so exploitation could disrupt business operations and compromise sensitive organizational data. Because the application appears to handle project management tasks, the potential for data exfiltration or manipulation of critical business processes is significant, particularly where such systems contain sensitive corporate or client information.

Organizations should prioritize immediate remediation by updating to the latest version of Jinher OA where this vulnerability has been addressed through proper XML input validation and sanitization. Network segmentation should be implemented to limit access to the vulnerable component, and web application firewalls should be configured to detect and block suspicious XML payloads targeting this specific endpoint. Security monitoring should be enhanced to detect unusual XML processing patterns or attempts to access external resources through the affected component. The vulnerability also highlights the importance of secure coding practices that prevent XML external entity references from being processed without proper validation. It aligns with ATT&CK technique T1590, which covers reconnaissance through external information leakage, and T1068, which addresses exploitation for privilege escalation. Regular security assessments should include testing for similar XML injection vulnerabilities in other components of the application stack, as this is a common class of weakness found in numerous enterprise applications.
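
The screening and monitoring step described above can be done with a real XML parser instead of string matching, so a DTD is caught whatever encoding the body arrives in. This is an added example, not code from VulDB or the vendor; it assumes the XML is sent as the raw request body, and `screen`, `inspect_xml` and the sample bodies are hypothetical.

```python
import xml.parsers.expat as expat
from urllib.parse import urlsplit

# Endpoint path from the advisory, lower-cased with the trailing slash dropped.
AFFECTED_PATH = "/c6/jhsoft.web.projectmanage/taskmanage/addtask.aspx"


class DtdFound(Exception):
    """Raised from the expat callback to stop parsing at the DOCTYPE."""


def _on_doctype(name, system_id, public_id, has_internal_subset):
    raise DtdFound(name)


def inspect_xml(body: bytes) -> str:
    """Classify a body as 'dtd', 'malformed' or 'clean' without resolving entities."""
    parser = expat.ParserCreate()  # encoding comes from the BOM / XML declaration
    parser.StartDoctypeDeclHandler = _on_doctype
    try:
        parser.Parse(body, True)
    except DtdFound:
        return "dtd"
    except expat.ExpatError:
        return "malformed"
    return "clean"


def screen(url: str, body: bytes) -> str:
    """Hypothetical policy hook: 'block', 'reject' or 'allow' for one request."""
    path = urlsplit(url).path.lower().rstrip("/")
    if path != AFFECTED_PATH or not body:
        return "allow"  # out of scope for this rule
    # Fail closed: a body this parser cannot read may still be read by the backend.
    return {"dtd": "block", "malformed": "reject", "clean": "allow"}[inspect_xml(body)]


# Constructed sample bodies; the advisory does not give the real request format.
URL = "/c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add"
CLEAN = b"<task><title>Quarterly review</title></task>"
WITH_DTD = '<!DOCTYPE task [<!ENTITY probe SYSTEM "urn:constructed-placeholder">]><task/>'
UTF8_DTD = WITH_DTD.encode("utf-8")
UTF16_DTD = ('<?xml version="1.0" encoding="UTF-16"?>' + WITH_DTD).encode("utf-16")

if __name__ == "__main__":
    for label, body in [("clean", CLEAN), ("utf-8 dtd", UTF8_DTD), ("utf-16 dtd", UTF16_DTD)]:
        print(f"{label:11} -> {screen(URL, body)}")
```

The UTF-16 sample contains no literal `<!DOCTYPE` byte sequence, which is why a byte-pattern rule alone would miss it while the parser-based check does not.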

Responsible: VulDB
Disclosure: 09/08/2025
Moderation: accepted
CPE: ready
Exploit: Download
EPSS: 0.00071
KEV: no
Activities: very low
