CVE-2025-11035 in Jinherinfo

Summary

by MITRE • 09/26/2025

A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.


Analysis

by VulDB Data Team • 10/09/2025

CVE-2025-11035 affects Jinher OA 2.0, in an unknown function of the ManageWord.aspx file reached at /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This component represents a critical security flaw that enables unauthorized remote exploitation through XML external entity (XXE) reference attacks. The vulnerability manifests when the application processes user-supplied input without proper validation, which lets a malicious actor manipulate the system's XML processing. The attack vector is remote: an adversary can initiate exploitation without physical access to the target system, which makes this vulnerability particularly dangerous in networked environments.

The vulnerability stems from improper handling of XML data within the affected application module. When the system receives input through a request carrying text=GetUrl and style=1, it fails to adequately sanitize or validate the XML content, so external entity references are processed. This flaw aligns with CWE-611, which categorizes improper restriction of XML external entity reference as a significant security weakness. The vulnerability enables attackers to potentially access sensitive internal resources, perform server-side request forgery attacks, or extract confidential information from the targeted system through maliciously crafted XML payloads.

The operational impact of this vulnerability extends beyond simple data theft, as it can facilitate more sophisticated attack chains within the target environment. Remote exploitation capabilities mean that threat actors can potentially establish persistent access to the affected system, leverage it as a pivot point for lateral movement, or use it as a launchpad for additional attacks against networked resources. The public disclosure of exploitation techniques further amplifies the risk, as it provides attackers with readily available methods to compromise affected systems. This vulnerability particularly affects organizations using Jinher OA 2.0 in production environments where proper network segmentation and access controls may not be adequately implemented.

Security mitigations for CVE-2025-11035 should focus on immediate input validation and XML processing restrictions within the affected application. Organizations must configure XML parsing to disable external entity resolution and DTD processing, so that malicious XML content is not processed. The recommended approach includes updating the application to a patched version that properly sanitizes input parameters, implementing web application firewalls with specific rules to block malicious XML payloads, and conducting comprehensive network monitoring to detect potential exploitation attempts. Additionally, system administrators should consider implementing the principle of least privilege in access controls and running regular security assessments to identify similar vulnerabilities within the broader application ecosystem. The ATT&CK framework categorizes this vulnerability under T1190 - Exploit Public-Facing Application, highlighting the need for organizations to maintain current threat intelligence and implement proactive security measures to prevent unauthorized access to vulnerable components.
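The monitoring and WAF step described above, as an added example (not VulDB's or the vendor's code): a Python check that flags requests to the affected path carrying DTD markup, including the UTF-16 and URL-encoded forms that a plain byte-string rule misses. The function names and sample request are constructed; the advisory does not say where the parser reads its XML from, so both the body and the query string are inspected.

```python
import re
from urllib.parse import unquote, unquote_plus, urlsplit

# Endpoint path from the advisory, lower-cased because IIS matches paths case-insensitively.
AFFECTED_PATH = "/c6/jhsoft.web.module/toolbar/manageword.aspx"

# DTD constructs that a DTD-free XML request never needs.
MARKERS = {
    "doctype": re.compile(r"<!\s*DOCTYPE\b", re.I),
    "entity": re.compile(r"<!\s*ENTITY\b", re.I),
    "external-id": re.compile(r"\b(SYSTEM|PUBLIC)\s+[\"']", re.I),
}

def decode_body(raw: bytes) -> str:
    """Decode as an XML parser would, so a UTF-16 body cannot hide the markers."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):      # UTF-16 byte order mark
        return raw.decode("utf-16", errors="replace")
    if len(raw) >= 2 and raw[1] == 0:              # UTF-16LE without a BOM
        return raw.decode("utf-16-le", errors="replace")
    if len(raw) >= 2 and raw[0] == 0:              # UTF-16BE without a BOM
        return raw.decode("utf-16-be", errors="replace")
    return raw.decode("utf-8", errors="replace")

def dtd_markers(url: str, body: bytes) -> list[str]:
    """Return the DTD markers found in a request to the affected endpoint."""
    parts = urlsplit(url)
    if not unquote(parts.path).lower().startswith(AFFECTED_PATH):
        return []                                  # other endpoints are out of scope
    text = decode_body(body) + "\n" + parts.query
    views = (text, unquote_plus(text))             # raw and URL-decoded views
    return sorted(n for n, rx in MARKERS.items() if any(rx.search(v) for v in views))

# Constructed sample request, not captured traffic.
URL = "/c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1"
SAMPLE_XML = ('<?xml version="1.0"?>'
              '<!DOCTYPE r [<!ENTITY e SYSTEM "http://example.invalid/x">]><r/>')

if __name__ == "__main__":
    for label, body in [("utf-8", SAMPLE_XML.encode()),
                        ("utf-16", SAMPLE_XML.encode("utf-16")),
                        ("benign", b"<r><url>report.doc</url></r>")]:
        print(label, dtd_markers(URL, body))
```

A hit here is a reason to block or alert, not a substitute for disabling DTD processing in the parser itself.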

Responsible: VulDB
Disclosure: 09/26/2025
Moderation: accepted
CPE: ready
Exploit: Download
EPSS: 0.00383
KEV: no
Activities: very low
