CVE-2025-13209 | bestfeng oa_git_free up to 9.5 WorkflowPredefineController.java updateWriteBack writeProp xml external entity reference

A vulnerability classified as problematic has been found in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5serverc-flowsrcmainjavacomcloudweboacontrollerWorkflowPredefineController.java. This manipulation of the argument writeProp causes xml external entity reference.

This vulnerability is tracked as CVE-2025-13209. The attack is possible to be carried out remotely. Moreover, an exploit is present.VulDB Recent EntriesRead More