MEDIUM Severity

CVE-2025-5387

Improper Access Control vulnerability in JeeWMS

Overview

A critical vulnerability was found in JeeWMS up to 20250504. Improper access controls in the dogenerate function of the file /generateController.do?dogenerate within the File Handler component can be exploited remotely.

Technical Details

The vulnerability affects the function dogenerate in the File Handler component. Manipulating this function leads to improper access controls, and the attack can be launched remotely.

CVSS Metrics

  • Base Score: 6.3
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW

Impact

This vulnerability can be exploited remotely, leading to potential unauthorized access and manipulation within the system.

Recommendations

JeeWMS uses a rolling release system for continuous delivery, so apply patches and updates regularly. Ensure access controls are correctly configured to prevent unauthorized access.
