Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine
CVE-2025-6761

6.9MEDIUM

Key Information:

Vendor

Kingdee

Status
Cloud-starry-sky Enterprise Edition
Vendor
CVE Published:
27 June 2025

What is CVE-2025-6761?

A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The manipulation leads to improper neutralization of special elements used in a template engine. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor explains, that in the fixed release "Freemarker is set to 'ALLOWS_NOTHING_RESOLVER' to not parse any classes."

Affected Version(s)

Cloud-Starry-Sky Enterprise Edition 6.x

Cloud-Starry-Sky Enterprise Edition 7.x

Cloud-Starry-Sky Enterprise Edition 8.x

References

https://vuldb.com/?id.314072
vdb-entrytechnical-description
https://vuldb.com/?ctiid.314072
signaturepermissions-required
https://vuldb.com/?submit.601207
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

caichaoxiong (VulDB User)
.
CVE-2025-6761 : Remote Code Execution Vulnerability in Kingdee Cloud-Starry-Sky Enterprise Edition