CVE-2025-25589 · HIGH 8.1 · EPSS p32.3%

Description

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code by supplying a crafted XML file.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.41% probability of exploitation · percentile 32.3% · 2026-06-18T12:00:27Z
Published: 2025-03-18
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-91

References

  1. https://gitee.com/r1bbit/yimioa/issues/IBI81R

Type | Target | Confidence | Tier
Weakness | XML Injection (aka Blind XPath Injection), cwe-91 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-10713
  2. CVE-2025-3241
  3. CVE-2025-36049
  4. CVE-2025-2905
  5. CVE-2026-36765
  6. CVE-2026-25111

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.