CVE-2025-5325 is a medium-severity vulnerability identified in version 1.0.0 of the ADP Application Developer Platform (应用开发者平台) developed by zhilink 智互联(深圳)科技有限公司. The vulnerability arises from improper neutralization of special elements used within a template engine, specifically in an unknown functionality related to the file /adpweb/a/ica/api/service/rfa/testService. This flaw allows an attacker to remotely manipulate template elements without requiring user interaction or elevated privileges beyond low-level privileges. The improper neutralization can lead to injection attacks within the template engine context, potentially enabling an attacker to execute unauthorized code or manipulate the output of the application. The vulnerability is remotely exploitable over the network, with no authentication or user interaction needed, increasing the attack surface. Although the vendor was notified early, no response or patch has been issued, and while no known exploits are currently active in the wild, the exploit details have been publicly disclosed, raising the risk of exploitation. The CVSS 4.0 base score is 5.3, reflecting a medium severity level due to the combination of network attack vector, low complexity, no user interaction, but limited impact on confidentiality, integrity, and availability (all rated low). The vulnerability does not affect system components beyond the application layer and does not require elevated privileges, but the lack of vendor response and public exploit disclosure necessitate attention from users of this platform.

For European organizations using the zhilink ADP Application Developer Platform, this vulnerability could result in unauthorized manipulation of application templates, potentially leading to data tampering, information leakage, or partial disruption of application functionality. Although the impact on confidentiality, integrity, and availability is rated low, exploitation could facilitate further attacks such as injection of malicious code or unauthorized data exposure within the affected application context. Given the platform's role in application development, compromised templates could propagate vulnerabilities into downstream applications, increasing risk. Organizations relying on this platform for critical business applications may face operational disruptions or reputational damage if exploited. The remote exploitability without user interaction or elevated privileges increases the likelihood of automated attacks, especially since the exploit details are publicly available. European entities with integrations or deployments of this platform should assess their exposure promptly to prevent potential exploitation.

Since no official patch or vendor response is available, European organizations should implement compensating controls immediately. These include: 1) Restricting network access to the affected service endpoints (/adpweb/a/ica/api/service/rfa/testService) via firewall rules or network segmentation to limit exposure to trusted users and systems only. 2) Implementing web application firewalls (WAFs) with custom rules to detect and block suspicious template injection patterns or malformed requests targeting the vulnerable API. 3) Conducting thorough code reviews and input validation enhancements around template processing to neutralize special elements properly, if source code access is available. 4) Monitoring logs and network traffic for anomalous activities indicative of exploitation attempts. 5) Planning for migration or upgrade to a secure version once the vendor releases a patch or alternative solution. 6) Educating development and security teams about the risks of template injection vulnerabilities and secure coding practices to prevent similar issues in future deployments.