CVE-2025-10816: XML External Entity Reference in Jinher OA

Severity: Medium
Published: Mon Sep 22 2025 (09/22/2025, 21:32:07 UTC)
Source: CVE Database V5
Vendor/Project: Jinher
Product: OA

Description

A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

AI-Powered Analysis

Last updated: 09/22/2025, 21:34:58 UTC

Technical Analysis

CVE-2025-10816 is a security vulnerability identified in Jinher OA version 2.0, specifically within the XML Handler component located at the file path /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add. The flaw is an XML External Entity (XXE) reference vulnerability, which arises when the application processes XML input containing external entity references without proper validation or sanitization. This allows an attacker to manipulate the XML input to cause the application to process external entities, potentially leading to unauthorized disclosure of internal files, server-side request forgery (SSRF), or denial of service (DoS) conditions. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. The CVSS 4.0 base score is 6.9, indicating a medium severity level, with the vector showing network attack vector, low attack complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability. Although no public exploit is currently known to be actively used in the wild, the exploit code has been released publicly, raising the risk of exploitation by opportunistic attackers. The vulnerability affects only version 2.0 of Jinher OA, an office automation software product used for enterprise collaboration and workflow management. Given the nature of XXE, attackers could leverage this flaw to access sensitive internal files, perform SSRF to pivot into internal networks, or disrupt service availability, depending on the server configuration and XML processing logic.

Potential Impact

For European organizations using Jinher OA 2.0, this vulnerability poses a tangible risk to confidentiality and availability. Sensitive corporate data could be exposed if attackers exploit the XXE to read internal configuration files or other sensitive documents. SSRF capabilities could allow attackers to scan or attack internal network resources, potentially leading to further compromise. Availability could be impacted if the XML processing is exploited to cause denial of service through resource exhaustion or application crashes. Given that Jinher OA is used for office automation and workflow, disruption could affect business continuity and productivity. The medium severity rating suggests that while the vulnerability is serious, exploitation requires specific conditions and may not lead to full system compromise. However, the public availability of exploit code increases the likelihood of attacks, especially against organizations that have not applied mitigations or patches. European organizations with sensitive internal workflows or regulatory compliance requirements (e.g., GDPR) should be particularly cautious about data leakage risks.

Mitigation Recommendations

1. Immediate mitigation should include disabling or restricting XML external entity processing in the Jinher OA application configuration if possible.
2. Apply any available patches or updates from Jinher addressing this vulnerability; if no official patch exists, contact the vendor for guidance or consider upgrading to a non-affected version.
3. Implement web application firewall (WAF) rules to detect and block XML payloads containing external entity declarations or suspicious XML content targeting the vulnerable endpoint.
4. Restrict network egress from the application server to prevent SSRF exploitation by limiting outbound connections to trusted destinations only.
5. Conduct thorough logging and monitoring of XML processing errors and unusual outbound requests from the Jinher OA server to detect exploitation attempts early.
6. Perform internal audits to identify all instances of Jinher OA 2.0 deployment and prioritize remediation efforts accordingly.
7. Educate IT and security teams about the risks of XXE and the specific indicators of compromise related to this vulnerability.
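The following is an added example (not Jinher code or part of this advisory) of the screening logic behind items 3 and 5: a byte-level pre-filter usable as a WAF rule, backed by an expat-based inspection that aborts at the first external or parameter entity declaration, so it also catches UTF-16 bodies the regex misses. The endpoint path is the one named above; the request bodies and the example.invalid URL are constructed for the demonstration.

```python
"""Screen XML request bodies aimed at the affected handler for XXE indicators.
Defensive check for a WAF, reverse proxy or log pipeline; constructed example."""
import re
from xml.parsers import expat

VULNERABLE_PATH = "/c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx"  # from the advisory
DTD_MARKER = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)      # cheap WAF-style rule


class ExternalEntity(Exception):
    """Raised as soon as the DTD declares an external DTD, external entity or parameter entity."""


def inspect_xml(body: bytes) -> tuple[bool, str]:
    """Return (suspicious, reason). expat never fetches anything here: the parse is
    aborted at the declaration, before any entity reference could be resolved."""
    seen_doctype = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        seen_doctype.append(name)
        if sysid or pubid:
            raise ExternalEntity(f"external DTD for <!DOCTYPE {name}>: {sysid or pubid}")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        if is_param or sysid or pubid:
            kind = "parameter" if is_param else "external"
            raise ExternalEntity(f"{kind} entity {name!r} -> {sysid or pubid or 'internal'}")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(body, True)
    except ExternalEntity as exc:
        return True, str(exc)
    except expat.ExpatError as exc:
        return True, f"malformed XML ({exc})"   # unparseable input is treated as suspicious
    if seen_doctype:
        return True, f"DOCTYPE {seen_doctype[0]!r} with internal entities only"
    return False, "no DTD"


def screen_request(path: str, body: bytes) -> tuple[bool, str]:
    """Scope the check to the affected endpoint; regex first, parser second."""
    if not path.startswith(VULNERABLE_PATH):
        return False, "not the affected endpoint"
    if DTD_MARKER.search(body):
        return True, "DTD marker in body (regex pre-filter)"
    return inspect_xml(body)


# Constructed sample requests (not captured traffic); the utf16 one evades the regex.
_XXE = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e SYSTEM "http://example.invalid/x">]><r>&e;</r>'
_Q = VULNERABLE_PATH + "/?text=GetUrl&style=add"
SAMPLES = {
    "benign": (_Q, b'<?xml version="1.0"?><r><t>GetUrl</t></r>'),
    "ascii": (_Q, _XXE.encode("utf-8")),
    "utf16": (_Q, _XXE.encode("utf-16")),
    "other": ("/c6/other.aspx", _XXE.encode("utf-8")),
}
```

The same policy applied inside the application itself (item 1) corresponds, for .NET XML readers, to `XmlReaderSettings.DtdProcessing = DtdProcessing.Prohibit` together with a null `XmlResolver`.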

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-21T10:49:51.521Z
CVSS Version: 4.0
State: PUBLISHED

Added to database: 9/22/2025, 9:34:25 PM

Last enriched: 9/22/2025, 9:34:58 PM

Last updated: 9/22/2025, 9:49:09 PM
