CVE-2025-5877 – Fengoffice XML External Entity Reference Vulnerability

June 9, 2025

CVE ID : CVE-2025-5877

Published : June 9, 2025, 1:15 p.m. | 2 hours, 25 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5879 – WuKongOpenSource WukongCRM Remote Cross-Site Scripting Vulnerability

Next Article CVE-2025-49131 – FastGPT Sandbox Syscall Escalation Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-5877 – Fengoffice XML External Entity Reference Vulnerability

Graphite Spyware Exploits Apple iOS Zero-Click Vulnerability to Attack Journalists

PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers

tartanlegrand/laravel-openapi

From MCP to multi-agents: The top 10 open source AI projects on GitHub right now and why they matter

Meta AI Introduces Multi-SpatialMLLM: A Multi-Frame Spatial Understanding with Multi-modal Large Language Models

Wearable App Development: Smart Solutions for Smart Devices

OneDrive is Down for Many: “Too Many Requests” Error Blocks Access — Here’s How to Fix It

CVE-2024-13957 – ASPECT SSRF Server Side Request Forgery

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

CVE-2025-3709 – Agentflow from Flowring Technology Account Lockout Bypass Vulnerability

CVE-2025-5877 – Fengoffice XML External Entity Reference Vulnerability

Related Posts