CVE-2025-13209 bestfeng oa_git_free WorkflowPredefineController.java updateWriteBack xml external entity reference

🗓️ 15 Nov 2025 18:32:06Reported by VulDBType

There is an XML external entity vulnerability in Bestfeng oa_git_free up to 9.5 via updateWriteBack.

Reporter	Title	Published	Views	Family All 7
CNNVD	oa_git_free 代码问题漏洞	15 Nov 202500:00	–	cnnvd
CVE	CVE-2025-13209	15 Nov 202518:32	–	cve
EUVD	EUVD-2025-197709	15 Nov 202521:30	–	euvd
NVD	CVE-2025-13209	15 Nov 202519:15	–	nvd
Positive Technologies	PT-2025-47061	15 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-13209	17 Nov 202509:07	–	redhatcve
Vulnrichment	CVE-2025-13209 bestfeng oa_git_free WorkflowPredefineController.java updateWriteBack xml external entity reference	15 Nov 202518:32	–	vulnrichment

[
  {
    "vendor": "bestfeng",
    "product": "oa_git_free",
    "versions": [
      {
        "version": "9.0",
        "status": "affected"
      },
      {
        "version": "9.1",
        "status": "affected"
      },
      {
        "version": "9.2",
        "status": "affected"
      },
      {
        "version": "9.3",
        "status": "affected"
      },
      {
        "version": "9.4",
        "status": "affected"
      },
      {
        "version": "9.5",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/bkglfpp/CVE-md/blob/main/%E4%BA%91%E7%BD%91%E5%8D%8F%E5%90%8C%E5%8A%9E%E5%85%AC%E7%B3%BB%E7%BB%9F/XXE.md

15 Nov 2025 18:32Current

CVSS 45.3

CVSS 3.16.3

CVSS 36.3

CVSS 26.5

EPSS0.00034