CVE-2025-5389

5/31/2025 7:15:20 PM

2 روز قبل

Reporter :cna@vuldb.com

Modified :5/31/2025 7:15:20 PM

Problem Data :CWE-266

Description

A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access controls. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Cvss Version 2.0

6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector	Network
Access Complexity	Low
Authentication	Single
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

Cvss Version 3.1

6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector	Network
Attack Complexity	Low
Privileges Required	Low
User Interaction	None
Scope	Unchanged
Confidentiality Impact	Low
Integrity Impact	Low
Availability Impact	Low

Cvss Version 4.0

5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Attack Vector	Network
Attack Complexity	Low
Privileges Required	Low
User Interaction	None
Vulnerability Complexity	Low
Vulnerability Impact	Low

EPSS

Epss Score	0.00032
Epss Percentile	0.07538

ریسک پائین:: این آسیب پذیری احتمال ارائه Exploit پائینی دارد. به روز رسانی و نظارت معمولی را لحاظ نمائید.

پیشنهادات:

به بروزرسانی مداوم سیستم و یا شبکه خود ادامه دهید.
از بروزرسانی های آتی این آسیب پذیری مطلع شوید.

Reference

لینک	منبع	تگ ها
https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV
https://vuldb.com/?ctiid.310682
https://vuldb.com/?id.310682