A vulnerability classified as critical has been discovered in OpenClinica Community Edition up to 3.12.2/3.13. Affected is unknown functionality of the file /ImportCRFData?action=confirm in the CRF Data Import component. Manipulation of the argument xml_file leads to XML injection.

This vulnerability is tracked as CVE-2025-12921. The attack can be launched remotely, and an exploit is available.

The vendor was contacted early about this disclosure but did not respond.