CVE-2025-25589

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt