CVE-2025-3241: zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference
First published: Fri Apr 04 2025(Updated: )
A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| zhangyanbo2007 youkefu | <=4.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3241?
CVE-2025-3241 is classified as a problematic vulnerability.
What software is affected by CVE-2025-3241?
CVE-2025-3241 affects zhangyanbo2007 youkefu versions up to and including 4.2.0.
How do I fix CVE-2025-3241?
To fix CVE-2025-3241, you should update zhangyanbo2007 youkefu to a version beyond 4.2.0.
What component is impacted by CVE-2025-3241?
CVE-2025-3241 impacts the XML Document Handler in the CallCenterRouterController.java file.
What is the nature of the issue in CVE-2025-3241?
CVE-2025-3241 involves manipulation within an unknown part of the affected component.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- agent/type
- agent/references
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- agent/tags
- vendor/zhangyanbo2007
- canonical/zhangyanbo2007 youkefu