MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-11140

🔴 HIGH

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of t...

Published
Sep 29, 2025
Last Modified
Sep 29, 2025
Views
8
Bookmarks
0

Description

Request Expert Review

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Scores

CVSS 3.1 7.3
7.3
HIGH
CVSS 2.0 7.3

References

github.com vuldb.com vuldb.com vuldb.com

Additional Information

Source
cna@vuldb.com
State
Received

Related CVEs

CVE-2025-11139

MEDIUM

A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.Fo...

Score: 6.3

CVE-2025-11138

MEDIUM

A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation...

Score: 6.3

CVE-2025-11137

LOW

A vulnerability has been found in Gstarsoft GstarCAD up to 9.4.0. This affects an unknown function of the component File Renaming Handler. The manipul...

Score: 3.5

CVE-2025-11136

MEDIUM

A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the compo...

Score: 4.7

CVE-2025-11135

HIGH

A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the funct...

Score: 7.3

CVE-2025-9904

MEDIUM

Unallocated memory access vulnerability in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LI...

Score: 5.3

Share CVE-2025-11140

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-11140 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis