CVE-2025-25589

High

Published: 18 March 2025

Published

18 March 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score 0.0013 32.4th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25589 is a high-severity aka Blind XPath Injection (CWE-91) vulnerability in Gitee (inferred from references). Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 directly addresses this CVE by requiring identification, reporting, and correction of the specific XML parser flaw through timely patching to the fixed version v2024.07.04.

SI-10 Information Input Validation good match

prevent

SI-10 prevents XXE exploitation by validating crafted XML inputs supplied to the vulnerable /weixin/aes/XMLParse.java component using organization-defined tools and procedures.

CM-6 Configuration Settings partial match

prevent

CM-6 mitigates XXE by enforcing secure configuration settings on the XML parser to disable external entity processing.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

XXE vulnerability in public-facing web app component allows remote low-privilege attackers to supply crafted XML leading to arbitrary code execution, directly enabling exploitation of public-facing applications and privilege escalation via the resulting code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file.

Deeper analysisAI

CVE-2025-25589 is an XML external entity (XXE) injection vulnerability, mapped to CWE-91, in the /weixin/aes/XMLParse.java component of yimioa versions prior to v2024.07.04. Published on 2025-03-18T16:15:27.200, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). The issue enables attackers to execute arbitrary code by supplying a crafted XML file to the vulnerable parser.

Attackers with low privileges can exploit this over the network with low complexity and no user interaction. Exploitation leads to high confidentiality and integrity impacts through arbitrary code execution, without affecting availability or changing scope.

The referenced advisory at https://gitee.com/r1bbit/yimioa/issues/IBI81R provides details on the issue, with mitigation achieved by upgrading to yimioa v2024.07.04 or later.

Details

CWE(s): CWE-91

Affected Products

Gitee

—

inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-28770Shared CWE-91

CVE-2026-34601Shared CWE-91

CVE-2026-32870Shared CWE-91

CVE-2024-47113Shared CWE-91

CVE-2022-50902Shared CWE-91

CVE-2025-66034Shared CWE-91

References

https://gitee.com/r1bbit/yimioa/issues/IBI81R
cve@mitre.org