CVE Alert: CVE-2025-10816 – Jinher – OA

Risk verdict

High risk: remote XML External Entity exposure with a publicly available exploit; no user interaction required.

Why this matters

XXE can disclose server files, access internal resources, or enable SSRF to reach other services. With an openly available exploit and a medium–high CVSS rating, adversaries could map networks or exfiltrate data from Jinher OA deployments.

Most likely attack path

Remote attacker sends crafted XML to the vulnerable OA 2.0 XML Handler endpoint (GetWordFileName.aspx) over HTTP/S. The parser processes external entities, potentially reading local files or reaching internal services, allowing data disclosure or internal reconnaissance without credentials. Limited by low-priority preconditions, but public exploit availability increases likelihood of automated abuse in exposed environments.

Who is most exposed

Enterprises running Jinher OA 2.0 on-premises or in adjacent DMZs with internet-facing web components are most at risk, especially where XML processing components are accessible without strong authentication.

Detection ideas

• Sudden spikes in requests to GetWordFileName.aspx with unusual text parameter values.
• XML payloads containing DOCTYPE/ENTITY declarations.
• Outbound connections from the OA host to internal or rarely contacted external hosts.
• Anomalous file read or data exfil events tied to OA processes.
• WAF/IDS alerts matching XXE patterns around XML endpoints.

Mitigation and prioritisation

• Apply vendor patch or upgrade Jinher OA to a fixed release.
• Disable external entity processing in the XML parser, or enable secure parsing modes.
• Implement XXE protections at the WAF and harden OA network access controls.
• Restrict OA exposure with network segmentation and least-privilege access.
• If KEV true or EPSS ≥ 0.5, treat as priority 1; otherwise pursue high-priority remediation with a defined patch window.