CVE-2025-11341 is an XML External Entity (XXE) vulnerability identified in Jinher OA version 2.0, specifically within the /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx endpoint when invoked with parameters ?type=SystemUserInfo&style=1. XXE vulnerabilities arise when XML parsers process external entity references without proper validation or restrictions, allowing attackers to read arbitrary files, perform server-side request forgery (SSRF), or cause denial of service. In this case, the vulnerability allows remote attackers to craft malicious XML payloads that exploit the external entity reference feature, potentially exposing sensitive information or disrupting service. The vulnerability requires no authentication or user interaction, increasing its risk profile. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and partial impacts on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). Although no active exploitation in the wild is reported, a public exploit is available, which may lead to increased attack attempts. Jinher OA is a widely used office automation and workflow management system, often deployed in enterprise environments, making this vulnerability relevant for organizations relying on it for internal processes. The lack of vendor patches at the time of disclosure necessitates immediate mitigation efforts to reduce exposure.

For European organizations using Jinher OA 2.0, this vulnerability poses a risk of unauthorized disclosure of sensitive internal information, potential modification of data, and service disruption. Given the remote exploitability without authentication, attackers can leverage this flaw to gain insights into internal network structure, access configuration files, or execute denial-of-service attacks by exploiting XML parser behavior. This can lead to operational downtime, data breaches, and compliance violations under regulations such as GDPR. Organizations in sectors with high reliance on Jinher OA for business workflows, including government, finance, manufacturing, and healthcare, face increased risk. The public availability of an exploit increases the likelihood of targeted attacks or opportunistic scanning by cybercriminals. The partial impact on confidentiality, integrity, and availability means attackers may not gain full control but can still cause significant disruption and data leakage. The medium severity rating reflects these factors but also the limited scope of affected versions and the need for specific crafted requests.

1. Monitor Jinher’s official channels for security patches addressing CVE-2025-11341 and apply them promptly once released. 2. Until patches are available, implement XML parser hardening by disabling external entity processing and DTDs in the application configuration if possible. 3. Employ web application firewalls (WAFs) with custom rules to detect and block malicious XML payloads targeting the vulnerable endpoint, especially requests containing external entity references. 4. Restrict network access to the Jinher OA application to trusted internal IP ranges and limit exposure to the internet. 5. Conduct regular security assessments and penetration tests focusing on XML processing components. 6. Implement strict input validation and sanitization on all XML inputs to prevent injection of malicious entities. 7. Monitor logs for unusual XML parsing errors or suspicious requests targeting /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx. 8. Educate IT and security teams about the vulnerability and the importance of rapid response to public exploit disclosures. 9. Consider network segmentation to isolate critical Jinher OA servers from other sensitive infrastructure to limit lateral movement in case of compromise.