CVE-2025-5390
Critical vulnerability found in JeeWMS leading to improper access controls
Overview
JeeWMS up to version 20250504 has a critical vulnerability in the filedeal function of its File Handler component. The flaw leads to improper access controls and can be exploited remotely.
Technical Details
The vulnerability is in the handling of /systemController/filedeal.do in JeeWMS. It can be exploited remotely by an account with low privileges, without any user interaction, and has limited impact on the confidentiality, integrity, and availability of the system.
CVSS Metrics
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: LOW
- User Interaction: NONE
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: LOW
Impact
This vulnerability allows remote attackers to bypass access controls, leading to a limited compromise of system confidentiality, integrity, and availability.
Recommendations
Update JeeWMS to the latest version as soon as one is available. Keep monitoring the product's website or contact the vendor for updates or patches. Always use access controls and secure configurations to mitigate this type of vulnerability.
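Until a fixed version is installed, web access logs can be reviewed for requests that reach the affected endpoint. The script below is an added example, not code from JeeWMS or its vendor. It assumes a common/combined-format access log; the /jeewms context path, the addresses and the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Endpoint named in the advisory, lower-cased for comparison.
ENDPOINT = "/systemcontroller/filedeal.do"

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines; the /jeewms context path and addresses are assumptions.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2025:10:01:02 +0000] "POST /jeewms/systemController/filedeal.do HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jun/2025:10:01:09 +0000] "GET /jeewms/systemController/filedeal.do;jsessionid=ABC123?x=1 HTTP/1.1" 200 88',
    '198.51.100.4 - - [10/Jun/2025:10:03:41 +0000] "GET /jeewms/systemController/%66iledeal.do HTTP/1.1" 302 0',
    '192.0.2.10 - - [10/Jun/2025:10:04:00 +0000] "GET /jeewms/index.html HTTP/1.1" 200 4096',
    'truncated line without a request field',
]

def normalize_path(target):
    """Reduce a request target to a comparable path (deliberately over-matches)."""
    path = unquote(target.split("?", 1)[0])      # drop the query string, decode %xx
    # Servlet containers accept path parameters such as ;jsessionid=... on a segment.
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    return re.sub(r"/{2,}", "/", path).lower()   # collapse repeated slashes, ignore case

def find_filedeal_requests(lines):
    """Return the parsed fields of every request that targets the filedeal endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and normalize_path(m["target"]).endswith(ENDPOINT):
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Count hits per (client address, HTTP status) for triage."""
    return Counter((h["ip"], h["status"]) for h in hits)

if __name__ == "__main__":
    for (ip, status), n in sorted(summarize(find_filedeal_requests(SAMPLE_LOG)).items()):
        print(f"{ip} status={status} requests={n}")
```

Matching on the normalized path rather than the raw string catches percent-encoded and path-parameter forms of the same URL that a plain text search would miss.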
Threat Metrics
- cvss_score: 6.3
- severity: MEDIUM
- attack_vector: NETWORK
- attack_complexity: LOW
- privileges_required: LOW
- user_interaction: NONE