XML Injection Vulnerability in Jalios JPlatform Affects Multiple Versions
CVE-2025-25036

6.8MEDIUM

Key Information:

Vendor

JaliOS

Status
Jplatform
Vendor
CVE Published:
21 March 2025

What is CVE-2025-25036?

Jalios JPlatform is susceptible to an XML Injection vulnerability stemming from improper restrictions of XML External Entity (XXE) references. This issue compromises all versions of JPlatform 10 prior to 10.0.8 (SP8), potentially allowing attackers to exploit the application and gain unauthorized access to sensitive data. It is crucial for users of affected versions to upgrade to the latest release to mitigate security risks associated with this vulnerability.

Affected Version(s)

JPlatform 0

References

https://community.jalios.com/jcms/jc1_893720/en/security-...
https://issues.jalios.com/browse/JCMS-11250
https://vulncheck.com/advisories/jalios-jplatform-xxe

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arthur Deloffre (Vozec)
Tristan Bizien (Bizi)
.
CVE-2025-25036 : XML Injection Vulnerability in Jalios JPlatform Affects Multiple Versions