Path Traversal Vulnerability in JeeWMS by JEE Tech
CVE-2025-5385

5.3MEDIUM

Key Information:

Vendor

JEE Tech

Status
Jeewms
Vendor
CVE Published:
31 May 2025

What is CVE-2025-5385?

A path traversal vulnerability exists in JeeWMS versions up to 20250504, specifically within the doAdd function of the /cgformTemplateController.do?doAdd file. This vulnerability allows attackers to manipulate file paths, potentially gaining unauthorized access to sensitive files on the server. Exploitation can be conducted remotely, posing a threat to the integrity and confidentiality of the affected system. Continuous delivery methodologies employed by JeeWMS mean that specifics on versioning for affected releases may not be readily available, underscoring the importance of timely updates and security assessments.

Affected Version(s)

JeeWMS 20250504

References

https://vuldb.com/?id.310678
vdb-entrytechnical-description
https://vuldb.com/?ctiid.310678
signaturepermissions-required
https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV
issue-tracking

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB Gitee Analyzer
.
CVE-2025-5385 : Path Traversal Vulnerability in JeeWMS by JEE Tech