CVE-2025-11140 | Bjskzy Zhiyou ERP up to 11.0 com.artery.richclient.RichClientService openForm contentString xml external entity reference
A vulnerability classified as problematic was found in Bjskzy Zhiyou ERP up to 11.0. It affects the function openForm of the component com.artery.richclient.RichClientService. Manipulating the argument contentString leads to an XML external entity (XXE) reference.
This vulnerability is documented as CVE-2025-11140. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.