CVE-2025-9681
published 2025-08-30

Priority: P4 · 31 · medium · 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.30% (21.4th percentile)

A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Manipulation can lead to cross-site scripting. The attack can be launched remotely. The exploit has been published and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

Affected

19 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_cmake_3.30.3-4_on_azure_linux_3.0 | | |
| msrc | azl3_cmake_3.30.3-6_on_azure_linux_3.0 | | |
| msrc | azl3_curl_8.8.0-4_on_azure_linux_3.0 | | |
| msrc | azl3_mysql_8.0.40-5_on_azure_linux_3.0 | | |
| msrc | azl3_mysql_8.0.40-6_on_azure_linux_3.0 | | |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | | |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | | |
| msrc | azl3_tensorflow_2.16.1-7_on_azure_linux_3.0 | | |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | | |
| msrc | cbl2_cmake_3.21.4-16_on_cbl_mariner_2.0 | | |
| msrc | cbl2_cmake_3.21.4-17_on_cbl_mariner_2.0 | | |
| msrc | cbl2_curl_8.8.0-5_on_cbl_mariner_2.0 | | |
| msrc | cbl2_curl_8.8.0-6_on_cbl_mariner_2.0 | | |
| msrc | cbl2_mysql_8.0.40-3_on_cbl_mariner_2.0 | | |
| msrc | cbl2_mysql_8.0.40-4_on_cbl_mariner_2.0 | | |
| msrc | cbl2_rust_1.72.0-10_on_cbl_mariner_2.0 | | |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | | |
| zoneland | o2oa | <= 10.0-410 | |
| zoneland | o2oa | | |

CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 2.0 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| vendor_msrc | | 6.5 | MEDIUM | |