CVE-2025-15251

Summary

A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: "Okay, we'll handle it as soon as possible."

Affected Software

VendorProductVersion RangeStatus
beecueFastBee2.0affected
beecueFastBee2.1affected

Weaknesses

  • CWE-611: XML External Entity Reference
  • CWE-610: Externally Controlled Reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References