CVE-2025-7823

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/cc2024k/CVE/issues/3", "name": "https://github.com/cc2024k/CVE/issues/3", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.316924", "name": "VDB-316924 | CTI Indicators (IOB, IOC, IOA)", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?id.316924", "name": "VDB-316924 | Jinher OA ProjectScheduleDelete.aspx xml external entity reference", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?submit.616841", "name": "Submit #616841 | Jinhe OA V1.2 XML External Entity Reference", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-610"}, {"lang": "en", "value": "CWE-611"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-7823", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}}, "publishedDate": "2025-07-19T13:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-19T13:15Z"}