CVE-2025-63738

Published December 9th, 2025

View on NVD ↗

CVSS v3

4.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php.

rainrocka/xinhu

信呼，免费开源的办公OA系统，包括APP，pc上客户端，REIM即时通信，服务端等，让每个企业单位都有自己的办公系统。

GitHub

126